mirror of
https://github.com/flatpak/flatpak.git
synced 2026-01-23 23:28:14 -05:00
This is a docker seccomp profile that allows you to run flatpak inside a docker container, given some special requirements:

* The host kernel must support unprivileged user namespaces (Supported by e.g. fedora and ubuntu kernels)
* The seccomp profile must be used (--security-opt seccomp=flatpak-docker-seccomp.json)
* flatpak is run as a regular user, not root, in the container
* The full host /proc must be visible in the container (-v=/proc:/host/proc)

The last one is a bit weird, but the regular /proc in docker is mounted with some cover-over mounts, and this makes the kernel disallow mounting a new procfs for the pid namespace. Adding in a full copy of the host fs causes this to be allowed.

Closes: #2867
Approved by: alexlarsson
15 lines
438 B
PHP
introspectiondir = $(datadir)/dbus-1/interfaces
introspection_DATA = \
	data/org.freedesktop.Flatpak.xml \
	data/org.freedesktop.portal.Flatpak.xml \
	$(NULL)

EXTRA_DIST += \
	data/org.freedesktop.portal.Documents.xml \
	data/org.freedesktop.impl.portal.PermissionStore.xml \
	data/org.freedesktop.systemd1.xml \
	data/org.freedesktop.Flatpak.xml \
	data/org.freedesktop.portal.Flatpak.xml \
	data/flatpak-docker-seccomp.json \
	$(NULL)
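The requirements listed in the commit message can be checked from inside the container before flatpak is started. The script below is an added example, not code from the flatpak repository; the function names are hypothetical, and it does not verify which seccomp profile is loaded. It also lists the cover-over mounts under /proc that the message refers to.

```shell
#!/bin/sh
# Added example: preflight checks for the container requirements in the commit message.
# Every path is a parameter so the checks can also be run against constructed data.

# Requirement: unprivileged user namespaces. $1 = procfs root (default /proc).
userns_allowed() {
    p="${1:-/proc}"
    max="$p/sys/user/max_user_namespaces"
    clone="$p/sys/kernel/unprivileged_userns_clone"   # Debian/Ubuntu-only sysctl
    [ -r "$max" ] || return 1
    [ "$(cat "$max")" -gt 0 ] || return 1
    if [ -r "$clone" ]; then [ "$(cat "$clone")" = 1 ] || return 1; fi
    return 0
}

# Print mount points stacked below $2 (default /proc) found in mountinfo file $1.
# Field 5 of a mountinfo line is the mount point.
covered_proc_paths() {
    awk -v root="${2:-/proc}" 'index($5, root "/") == 1 { print $5 }' \
        "${1:-/proc/self/mountinfo}"
}

# Requirement: $2 (default /host/proc) is itself a procfs mount.
# The filesystem type is the first field after the "-" separator.
host_proc_mounted() {
    awk -v mp="${2:-/host/proc}" '
        $5 == mp { for (i = 6; i < NF; i++) if ($i == "-" && $(i + 1) == "proc") ok = 1 }
        END { exit !ok }' "${1:-/proc/self/mountinfo}"
}

# Run all checks against the live system; returns non-zero if any requirement fails.
preflight() {
    rc=0
    userns_allowed || { echo "FAIL: unprivileged user namespaces unavailable"; rc=1; }
    [ "$(id -u)" -ne 0 ] || { echo "FAIL: running as root, not a regular user"; rc=1; }
    host_proc_mounted || { echo "FAIL: /host/proc is not a procfs mount"; rc=1; }
    echo "INFO: mounts covering paths under /proc:"
    covered_proc_paths | sed 's/^/  /'
    return "$rc"
}

# Invoke as: sh preflight.sh run   (the file name is an assumption)
if [ "${1:-}" = run ]; then preflight; fi
```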