commit 833da25e56c400396d35ba4dcf82866fd8c89f3d
parent e7dab52da6c116d02b6b9113d143394d8d0f9d41
Author: Jan Pobrislo <ccx@te2000.cz>
Date: Sun, 3 Aug 2025 17:03:00 +0000
Isolate doom in network namespace
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -281,7 +281,7 @@ confz_site_containers_user_check() {
UC git alpine-git mount_rw=ccx-baregit $in_netns
UC sndiod alpine-sndio $with_audio $in_netns
UC mpd void-mpd "$ro init audio"
- UC doom void-doom seccomp_profile=ptrace
+ UC doom void-doom $in_netns seccomp_profile=ptrace
#UC {,}alpine-recombee
UC rcm-puppet alpine-puppet $in_netns
UC rcm-postgresql-dev alpine-postgresql-dev $in_netns seccomp_profile=ptrace
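Review bot: The `doom` entry in `confz_site_containers_user_check` keeps `seccomp_profile=ptrace` with no comment saying why a game container needs it. What that profile permits is not visible in this hunk, but by its name it is presumably broader than the default, and `$in_netns` only limits network reach, not syscall exposure. A comment above the line would record the reason, e.g. `# doom: ptrace seccomp profile required for <reason>; network access removed via $in_netns`. The `mpd` entry just above is the one active context line here without `$in_netns`; if that is deliberate, a short note saying so would help the next reader. The function body starts and ends outside the hunk.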
@@ -1216,6 +1216,7 @@ confz_site_container_images_check() {
deutex
crispy-doom
gzdoom
+ glxinfo
)
require site_container_void_musl :containers_dir :svscan_dir \
image_name=void-doom packages="$void_doom"
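Review bot: `glxinfo` is added to the `void-doom` package list without a comment, and the commit message only covers the network-namespace change. It looks like a GL diagnostic rather than something the games need at runtime, so either mark it as such with `# glxinfo: GL diagnostics only, not required to run doom`, or drop it once debugging is done to keep the image's package set minimal. If it stays, mentioning it in the commit message would keep the history accurate. The array definition begins above the hunk.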