container: Allow podman containers to run inside the container

- Allow all system calls from within the container (in particular the openat2
syscall [1]). This enables running podman containers inside the nspawn
container. Nextcloud can now be tested/developed inside the container.

- List of available system call filter groups can be seen with the command
'systemd-analyze syscall-filter'[2].

Links:

1) https://github.com/containers/podman/issues/7013

2) https://www.freedesktop.org/software/systemd/man/latest/systemd-analyze.html#systemd-analyze%20syscall-filter%20%5BSET...%5D

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Sunil Mohan Adapa 2024-06-25 14:29:41 -07:00 committed by James Valleroy
parent d87685b95a
commit 7c485c0367
GPG Key ID: 77C0C75E7B650808


@ -785,6 +785,9 @@ def _create_nspawn_machine(image_file, distribution):
nspawn_options = f'''[Exec]
Boot=yes
PrivateUsers=no
# Allow all system calls to enable podman containers inside the nspawn
# container.
SystemCallFilter=@known
[Files]
Overlay={_get_project_folder()}:{overlay_folder}:/freedombox
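Review bot: `SystemCallFilter=@known` in this hunk is far broader than the need stated in the commit message, which identifies a single blocked call (openat2, link [1]); `@known` admits every system call systemd has a name for, so the nspawn container loses the default allowlist entirely. In systemd.nspawn(5), a `SystemCallFilter=` value without a leading `~` is added to the default allowlist rather than replacing it, so `SystemCallFilter=openat2` would unblock podman while keeping the rest of the default filter; if further calls turn out to be needed, each can be added by name and verified with the `systemd-analyze syscall-filter` command the message already cites. The comment on the two lines above `SystemCallFilter=` should also name the concrete call and the podman issue rather than just "all system calls", so the next reader can re-check whether the exception is still required once the default set includes it.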