mirror of
https://github.com/flatpak/flatpak.git
synced 2026-01-03 13:28:08 -05:00
This is a docker seccomp profile that allows you to run flatpak inside a docker container, given some special requirements:

 * The host kernel must support unprivileged user namespaces (Supported by e.g. Fedora and Ubuntu kernels)
 * The seccomp profile must be used (--security-opt seccomp=flatpak-docker-seccomp.json)
 * flatpak is run as a regular user, not root, in the container
 * The full host /proc must be visible in the container (-v=/proc:/host/proc)

The last one is a bit weird, but the regular /proc in docker is mounted with some cover-over mounts, and this makes the kernel disallow mounting a new procfs for the pid namespace. Adding in a full copy of the host fs causes this to be allowed.

Closes: #2867
Approved by: alexlarsson
12 KiB
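An added example, not part of the flatpak repository: a preflight script to run inside the container that checks the four requirements from the commit message before flatpak is started. The function names are hypothetical, and the seccomp check can only confirm that some filter is loaded, not which profile it is.

```shell
#!/bin/sh
# Added example: in-container preflight for the four requirements listed above.
# Function names are hypothetical; paths are parameters so each check can be tested.

# 1. Unprivileged user namespaces. $1 = sysctl root (normally /proc/sys).
userns_ok() {
    max="$1/user/max_user_namespaces"
    clone="$1/kernel/unprivileged_userns_clone"  # present only on Debian/Ubuntu-patched kernels
    [ -r "$max" ] && [ "$(cat "$max")" -gt 0 ] || return 1
    if [ -r "$clone" ]; then
        [ "$(cat "$clone")" = "1" ] || return 1
    fi
    return 0
}

# 2. A seccomp filter is loaded (mode 2). This cannot tell which profile it is;
#    Docker's default profile also reports 2. $1 = status file (/proc/self/status).
seccomp_filter_active() {
    [ "$(awk '/^Seccomp:/ { print $2 }' "$1")" = "2" ]
}

# 3. Not root. $1 = numeric uid.
not_root() {
    [ "$1" != "0" ]
}

# 4. $2 is a mount point of type proc. $1 = mountinfo file (/proc/self/mountinfo).
#    Field 5 is the mount point; the fs type follows the "-" separator.
host_proc_mounted() {
    awk -v mp="$2" '
        $5 == mp { for (i = 7; i < NF; i++) if ($i == "-" && $(i + 1) == "proc") found = 1 }
        END { exit !found }' "$1"
}

# Run all four checks against the live system and report each failure.
preflight() {
    fail=0
    userns_ok /proc/sys || { echo "FAIL: unprivileged user namespaces unavailable"; fail=1; }
    seccomp_filter_active /proc/self/status || { echo "FAIL: no seccomp filter active"; fail=1; }
    not_root "$(id -u)" || { echo "FAIL: running as root"; fail=1; }
    host_proc_mounted /proc/self/mountinfo /host/proc || { echo "FAIL: /host/proc is not a procfs mount"; fail=1; }
    return "$fail"
}

preflight || echo "flatpak-in-docker requirements not met" >&2
```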