author | Eelco Dolstra <edolstra@gmail.com> | 2023-01-27 15:25:56 +0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2023-02-07 22:51:53 +0100 |
commit | bc1d9fd8b5a14334af1d0455e6b4d595cae959d5 (patch) | |
tree | 0d2c294a900597ee2ae9b09e39d9f8cd98077343 /misc/systemd/nix-daemon.service.in | |
parent | fb2f7f5dcc6b37a4f39f59d9f477d3fa57d79095 (diff) |

Check whether we can use PID namespaces

In unprivileged podman containers, /proc is not fully visible (there
are other filesystems mounted on subdirectories of /proc). Therefore
we can't mount a new /proc in the sandbox that matches the PID
namespace of the sandbox. So this commit automatically disables
sandboxing if /proc is not fully visible.

Diffstat (limited to 'misc/systemd/nix-daemon.service.in')
0 files changed, 0 insertions, 0 deletions