From 41f9aebbb7f93616637d717eef2371e2408b68ca Mon Sep 17 00:00:00 2001
From: Ophestra <cat@gensokyo.uk>
Date: Tue, 27 Jan 2026 21:07:18 +0900
Subject: [PATCH] internal/pkg: allow multiarch

The armv8l busybox binary release needs this to run correctly.

Signed-off-by: Ophestra <cat@gensokyo.uk>
---
 internal/pkg/exec.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/internal/pkg/exec.go b/internal/pkg/exec.go
index 0c43cff..f527080 100644
--- a/internal/pkg/exec.go
+++ b/internal/pkg/exec.go
@@ -18,6 +18,7 @@ import (
 	"hakurei.app/container"
 	"hakurei.app/container/check"
 	"hakurei.app/container/fhs"
+	"hakurei.app/container/seccomp"
 	"hakurei.app/container/std"
 	"hakurei.app/message"
 )
@@ -302,6 +303,7 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
 	z := container.New(ctx, f.GetMessage())
 	z.WaitDelay = execWaitDelay
 	z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
+	z.SeccompFlags |= seccomp.AllowMultiarch
 	z.ParentPerm = 0700
 	z.HostNet = hostNet
 	z.Hostname = "cure"