helper/bwrap: pass --unshare-user when unshare everything

Bubblewrap apparently requires --unshare-user even when --unshare-all is set to apply --disable-userns. This behaviour is not clearly documented.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
This commit is contained in:
Ophestra Umiker 2024-10-09 00:22:48 +09:00
parent c201c30c7f
commit b99ed94386
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
2 changed files with 2 additions and 1 deletions

View File

@ -21,7 +21,7 @@ const (
) )
var boolArgs = func() (b [boolC][]string) { var boolArgs = func() (b [boolC][]string) {
b[UnshareAll] = []string{"--unshare-all"} b[UnshareAll] = []string{"--unshare-all", "--unshare-user"}
b[UnshareUser] = []string{"--unshare-user"} b[UnshareUser] = []string{"--unshare-user"}
b[UnshareIPC] = []string{"--unshare-ipc"} b[UnshareIPC] = []string{"--unshare-ipc"}
b[UnsharePID] = []string{"--unshare-pid"} b[UnsharePID] = []string{"--unshare-pid"}

View File

@ -49,6 +49,7 @@ func TestConfig_Args(t *testing.T) {
}, },
want: []string{ want: []string{
"--unshare-all", "--unshare-all",
"--unshare-user",
"--disable-userns", "--disable-userns",
"--assert-userns-disabled", "--assert-userns-disabled",
"--clearenv", "--clearenv",