commit b7cc3cd6bc8713c16e71ef855456909c7f4af26c parent c4e1a898a31fbccb5c1ccccb5e7abe655692ed5a Author: Jan Pobrislo <ccx@te2000.cz> Date: Mon, 19 May 2025 11:34:30 +0000 Allow setresgid() for OpenSSH KnownHostCommand in rcm-ssh.ccx Diffstat:
M | zsh-functions/confz_site_containers_init | | | 3 | ++- |
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/zsh-functions/confz_site_containers_init b/zsh-functions/confz_site_containers_init
@@ -216,7 +216,8 @@ confz_site_containers_user_check() {
 UC socks alpine-tinyproxy "$ro versions"
 UCa ssh
 UCa pass mount_rw="ccx-password-store" $in_netns
- UC rcm-ssh alpine-ssh "$ro rcm-devops versions" $with_more_fds
+ # seccomp profile for OpenSSH: KnownHostsCommand-ORDER: setresgid 1000: Operation not permitted
+ UC rcm-ssh alpine-ssh seccomp_profile=setuidgid "$ro rcm-devops versions" $with_more_fds
 UCa socials $in_netns
 UCa gpg $with_usb $in_netns
 UCa notes $in_netns mount_rw=ccx-task
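Review bot: The comment added above the `UC rcm-ssh` line records only the pasted error text, not what `seccomp_profile=setuidgid` actually permits, and the profile name suggests a wider allowance than the single `setresgid()` named in the commit title. The profile definition is outside this hunk, so that is an inference, but whatever it allows applies to every process in the rcm-ssh container rather than only to the KnownHostsCommand helper. I would put the scope in the comment, for example `# ssh runs KnownHostsCommand after setresgid(1000); the default profile rejects that call, so use setuidgid (permits: <syscalls the profile allows>)`. It is also worth confirming that the container still runs without setuid/setgid capabilities, so the newly permitted calls can only re-assert the ids the process already has. The enclosing function `confz_site_containers_user_check` starts and ends outside the hunk.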