security/hakurei
6
3
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

init: custom init process inside sandbox

Browse Source 
Bubblewrap as init is a bit awkward and don't support a few setup actions fortify will need, such as starting/supervising nscd.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra
2024-10-14 02:27:02 +09:00
parent 315c9b8849
commit 1302bcede0
7 changed files with 222 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/app/config.go
View File

@@ -90,6 +90,7 @@ func (s *SandboxConfig) Bwrap() *bwrap.Config {
Mqueue: []string{"/dev/mqueue"},
NewSession: !s.NoNewSession,
DieWithParent: true,
AsInit: true,
}
for _, c := range s.Filesystem {