rpm-ostree

keremet/rpm-ostree

Fork 0

Commit Graph

Author	SHA1	Message	Date
Colin Walters	e86dc13c49	bwrap: Don't use --unshare-net in nspawn by default This will fix rpm-ostree-in-mock-in-koji. The drawback is minor: post scripts will have network access. But we're going to be testing the no-network case in our Docker-based builds, so that's fine. Closes: #672 Approved by: jlebon	2017-03-10 17:27:56 +00:00
Colin Walters	22048b25a7	scripts: Use tmpfs for /var/tmp, not the host's /tmp We don't want to expose the host's `/tmp` since that means scripts could potentially find things like the X11 socket or whatever. To debug things better, add a quick bash script to run bwrap like the C code does. Perhaps down the line we can add `rpm-ostree internals run-bwrap` or so. Closes: #647 Approved by: jlebon	2017-02-28 23:37:15 +00:00

Author

SHA1

Message

Date

Colin Walters

e86dc13c49

bwrap: Don't use --unshare-net in nspawn by default

This will fix rpm-ostree-in-mock-in-koji. The drawback is minor: post scripts
will have network access. But we're going to be testing the no-network case in
our Docker-based builds, so that's fine.

Closes: #672
Approved by: jlebon

2017-03-10 17:27:56 +00:00

Colin Walters

22048b25a7

scripts: Use tmpfs for /var/tmp, not the host's /tmp

We don't want to expose the host's `/tmp` since that means scripts could
potentially find things like the X11 socket or whatever.

To debug things better, add a quick bash script to run bwrap like the C code
does. Perhaps down the line we can add `rpm-ostree internals run-bwrap` or so.

Closes: #647
Approved by: jlebon

2017-02-28 23:37:15 +00:00

2 Commits