sandbox: expose seccomp interface
All checks were successful
Test / Create distribution (push) Successful in 31s
Test / Sandbox (push) Successful in 1m59s
Test / Hakurei (push) Successful in 2m47s
Test / Sandbox (race detector) (push) Successful in 3m11s
Test / Planterette (push) Successful in 3m34s
Test / Hakurei (race detector) (push) Successful in 4m22s
Test / Flake checks (push) Successful in 1m8s
All checks were successful
Test / Create distribution (push) Successful in 31s
Test / Sandbox (push) Successful in 1m59s
Test / Hakurei (push) Successful in 2m47s
Test / Sandbox (race detector) (push) Successful in 3m11s
Test / Planterette (push) Successful in 3m34s
Test / Hakurei (race detector) (push) Successful in 4m22s
Test / Flake checks (push) Successful in 1m8s
There's no point in artificially limiting and abstracting away these options. The higher level hakurei package is responsible for providing a secure baseline and sane defaults. The sandbox package should present everything to the caller. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
@@ -67,6 +67,7 @@ func (p *Proxy) Start() error {
|
||||
p.final, true,
|
||||
argF, func(container *sandbox.Container) {
|
||||
container.SeccompFlags |= seccomp.AllowMultiarch
|
||||
container.SeccompPresets |= seccomp.PresetStrict
|
||||
container.Hostname = "hakurei-dbus"
|
||||
container.CommandContext = p.CommandContext
|
||||
if p.output != nil {
|
||||
|
||||
Reference in New Issue
Block a user