security/hakurei
6
3
Fork 0
Code Issues 11 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

internal/pkg: allow user namespace creation
All checks were successful
Test / Create distribution (push) Successful in 48s
Details
Test / Sandbox (push) Successful in 2m36s
Details
Test / Hakurei (push) Successful in 3m54s
Details
Test / ShareFS (push) Successful in 3m55s
Details
Test / Hpkg (push) Successful in 4m34s
Details
Test / Sandbox (race detector) (push) Successful in 4m59s
Details
Test / Hakurei (race detector) (push) Successful in 5m59s
Details
Test / Flake checks (push) Successful in 1m38s
Details

Browse Source 
No good reason to filter this in the execArtifact container, and the extended filter breaks certain programs.

Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
Ophestra
2026-01-21 04:49:25 +09:00
parent 9a06ce2db0
commit ba75587132
2 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
internal/pkg/exec.go
View File

@@ -290,7 +290,7 @@ func (a *execArtifact) cure(f *FContext, hostNet bool) (err error) {
z := container.New(ctx, f.GetMessage())
z.WaitDelay = execWaitDelay
z.SeccompPresets |= std.PresetStrict
z.SeccompPresets |= std.PresetStrict & ^std.PresetDenyNS
z.ParentPerm = 0700
z.HostNet = hostNet
z.Hostname = "cure"