aboutsummaryrefslogtreecommitdiff
path: root/misc/systemd/nix-daemon.service.in
diff options
context:
space:
mode:
authorEelco Dolstra <edolstra@gmail.com>2023-01-27 15:25:56 +0100
committerEelco Dolstra <edolstra@gmail.com>2023-02-07 22:51:53 +0100
commitbc1d9fd8b5a14334af1d0455e6b4d595cae959d5 (patch)
tree0d2c294a900597ee2ae9b09e39d9f8cd98077343 /misc/systemd/nix-daemon.service.in
parentfb2f7f5dcc6b37a4f39f59d9f477d3fa57d79095 (diff)
Check whether we can use PID namespaces
In unprivileged podman containers, /proc is not fully visible (there are other filesystems mounted on subdirectories of /proc). Therefore we can't mount a new /proc in the sandbox that matches the PID namespace of the sandbox. So this commit automatically disables sandboxing if /proc is not fully visible.
Diffstat (limited to 'misc/systemd/nix-daemon.service.in')
0 files changed, 0 insertions, 0 deletions