Miroirs/Conty
1
0
Fork 0
mirror of https://github.com/Kron4ek/Conty synced 2025-01-13 20:01:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not bind /tmp when SANDBOX is enabled

Browse source 
However, it's necessary to bind /tmp/.X11-unix, otherwise applications will not be able to connect to X server when network is disabled (DISABLE_NET=1).
This commit is contained in:
Kron4ek 2021-05-20 14:06:53 +05:00 committed by GitHub
parent c8b12bc42d
commit c64be240da
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
conty-start.sh
View file

@ -38,7 +38,7 @@ mount_point="${working_dir}"/mnt
# a problem with mounting the squashfs image due to an incorrectly calculated offset.
# The size of this script
scriptsize=17967
scriptsize=18029
# The size of the utils.tar archive
# utils.tar contains bwrap and squashfuse binaries
@ -288,7 +288,8 @@ run_bwrap () {
dirs="--tmpfs /home --dir ${HOME} --tmpfs /opt --tmpfs /mnt \
--tmpfs /media --tmpfs /var --tmpfs /run --symlink /run /var/run \
--bind-try /run/user /run/user --bind-try /run/dbus /run/dbus"
--bind-try /run/user /run/user --bind-try /run/dbus /run/dbus \
--tmpfs /tmp --ro-bind-try /tmp/.X11-unix /tmp/.X11-unix"
if [ -n "${HOME_DIR}" ]; then
echo "Set HOME to ${HOME_DIR}"