commit 75954baea135500756d2d646ed02de06b45bce66
parent 1e69d33825f910ed296e6fc5cb6db02041062176
Author: ccx <ccx@te2000.cz>
Date: Mon, 1 Apr 2024 21:21:53 +0000
netns for gpg and xorg
Diffstat:
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/service_scripts/xorg/run b/service_scripts/xorg/run
@@ -48,7 +48,10 @@ s6-envuidgid ${CONTAINER_USER}
export HOST ${CONTAINER_NAME}
emptyenv -c
-unshare -m -u -i # new mount, UTS and IPC namespaces
+unshare -n -m -u -i # new net, mount, UTS and IPC namespaces
+if { ip addr add 127.0.0.1/8 dev lo }
+if { ip addr add ::1/128 dev lo }
+if { ip link set lo up }
ns_run_unshared data/root {
# pre pivot-root commands
if { mount -o bind,ro /etc/passwd ./etc/passwd }
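Review bot: Each of the three added loopback steps is wrapped in `if { … }`, so any one of them failing makes the run script exit before `ns_run_unshared` is reached; on a host with IPv6 disabled, `ip addr add ::1/128 dev lo` would likely fail and Xorg would never start. Failing closed on `ip link set lo up` is right for an isolation step, but the IPv6 address is optional, so consider `foreground { ip addr add ::1/128 dev lo }` for that line (the kernel normally assigns the loopback addresses itself when lo comes up, which is worth confirming before keeping the explicit adds). A short comment above `unshare -n`, such as `# empty netns: only lo, no route to the host network`, would record why the namespace was added. The same three lines are repeated in the `netns` array in zsh-functions/confz_site_containers_init, so the point applies there too; the `ns_run_unshared` block continues outside the hunk.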
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -85,6 +85,14 @@ confz_site_containers_user_check() {
:containers_dir :svscan_dir :user
done
+ local -a netns=(
+ "#!$(which execlineb) -P"
+ 'unshare -n # make new network namespace'
+ 'if { ip addr add 127.0.0.1/8 dev lo }'
+ 'if { ip addr add ::1/128 dev lo }'
+ 'if { ip link set lo up }'
+ )
+
local -a mount_usb_devices=(
"#!$(which execlineb) -P"
'if { mount -o bind,ro /dev/bus/usb dev/bus/usb }'
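Review bot: `$(which execlineb)` in the new `netns` shebang is resolved from the PATH of whoever runs this function, and zsh's builtin `which` prints `execlineb not found` on stdout when the lookup fails, so the generated script can silently end up with an unusable or unintended interpreter line. Since this snippet is handed over as `pid1_exec`, I would make the lookup fail loudly, e.g. `"#!${commands[execlineb]:?execlineb not found} -P"`, and do the same for the existing `mount_usb_devices` array. The snippet also ends after the last `if` block with no program to chain into; how the `pid1_exec` consumer appends the container command is not visible here, so a one-line comment stating that contract would help. The body of `confz_site_containers_user_check` starts and ends outside the hunk.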
@@ -103,7 +111,7 @@ confz_site_containers_user_check() {
{,alpine-}tor
{,alpine-}ssh
{,alpine-}socials
- gpg $'alpine-gpg\0prepare_chroot='"${(F)mount_usb_devices}"
+ gpg $'alpine-gpg\0prepare_chroot='${(F)mount_usb_devices}$'\0pid1_exec='${(F)netns}
{,void-}signal
{,void-}telegram
recombee-browser void-browsers
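Review bot: The rewritten `gpg` entry drops the double quotes the old line had around `${(F)mount_usb_devices}` and leaves `${(F)netns}` unquoted as well. With default zsh options the joined value still stays one word, but if SH_WORD_SPLIT is in effect where this function runs (not visible here), the newline-joined scripts would be split into separate arguments and the `\0`-delimited fields would be corrupted. Keeping the quotes costs nothing: `gpg $'alpine-gpg\0prepare_chroot='"${(F)mount_usb_devices}"$'\0pid1_exec='"${(F)netns}"`. The surrounding list continues outside the hunk.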