sanebox: fix uid mapping when bwrap uses the pasta backend
parent
90d428be7f
commit
f158842c70
|
@ -663,10 +663,21 @@ bwrapGetCli() {
|
|||
# --unshare-uts
|
||||
# --unshare-user (implicit to every non-suid call to bwrap)
|
||||
locate _bwrap "bwrap" "$BWRAP_FALLBACK"
|
||||
if [ -n "$bwrapUsePasta" ]; then
|
||||
# pasta drops us into an environment where we're root, but some apps complain if run as root.
|
||||
# TODO: this really belongs on the `pastaonlyGetCli` side.
|
||||
# TODO: i think we need to add `/dev/net/tun` to the namespace for nested pasta calls to work?
|
||||
bwrapFlags+=(
|
||||
# --unshare-user is necessary for --uid to work when called as pseudo root
|
||||
--unshare-user
|
||||
--uid "$UID"
|
||||
--gid "${GROUPS[0]}"
|
||||
)
|
||||
fi
|
||||
cliArgs=(
|
||||
"$_bwrap" "${bwrapUnshareCgroup[@]}" "${bwrapUnshareIpc[@]}"
|
||||
"${bwrapUnshareNet[@]}" "${bwrapUnsharePid[@]}"
|
||||
"${bwrapUnshareUser[@]}" "${bwrapUnshareUts[@]}"
|
||||
"${bwrapUnshareUts[@]}"
|
||||
"${bwrapVirtualizeDev[@]}" "${bwrapVirtualizeProc[@]}" "${bwrapVirtualizeTmp[@]}"
|
||||
"${bwrapFlags[@]}" --
|
||||
env "${portalEnv[@]}" "${cliArgs[@]}"
|
||||
|
|
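Review bot: The `cliArgs=(` block shows both `"${bwrapUnshareUser[@]}" "${bwrapUnshareUts[@]}"` and a bare `"${bwrapUnshareUts[@]}"`; the +/- markers are lost, but the hunk counts (10 old, 21 new lines) suggest the first was removed, so the user-namespace flag would now reach bwrap only through the pasta branch's `bwrapFlags`. If `bwrapUnshareUser` can still be populated elsewhere in the script, that setting would be silently ignored on the non-pasta path, and the "implicit to every non-suid call" assumption in the comment above would not cover a setuid bwrap resolved via `$BWRAP_FALLBACK`. Either keep expanding the array and let the pasta branch set it, or record the intent at `cliArgs` with something like `# bwrapUnshareUser intentionally not expanded: --unshare-user is implicit for non-suid bwrap and added explicitly under pasta`. Separately, `--uid "$UID"` and `--gid "${GROUPS[0]}"` only carry the real user's ids if this function is evaluated before entering pasta's root-mapped environment; a one-line comment stating that would help, as would `$(id -g)` if the primary group is what is meant. bwrapGetCli's body starts and ends outside the hunk.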