Migrate allowing sub-namespaces to labels as well
parent
ded4816343
commit
52faa6c6d7
|
@ -10,4 +10,9 @@ ENV PROTON_NO_FSYNC=1
|
|||
|
||||
LABEL net.typeblog.dobu.desktop_file_path="/usr/share/applications/steam.desktop"
|
||||
|
||||
# Steam Runtime requires its own namespaces
|
||||
# so we have to allow them in our seccomp filter.
|
||||
# Don't use it if you don't trust their sandboxing (pressure-vessel).
|
||||
LABEL net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces="true"
|
||||
|
||||
ENTRYPOINT [ "/usr/games/steam" ]
|
||||
|
|
|
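Review bot: The comment above `LABEL net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces="true"` does not mention that image labels are inherited, so any image built `FROM` this one keeps the relaxed seccomp filter without restating the choice. I would add a line such as `# NOTE: this label is inherited by images built FROM this one; reset it in derived images that do not run Steam Runtime.` It would also help to say that the launcher reads this label when deciding whether to allow namespaces (as the script change in this commit suggests), so a reader of the Dockerfile alone sees that the label is security-relevant and not plain metadata.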
@ -26,11 +26,7 @@ if container_exists "$container_name"; then
|
|||
exit 0
|
||||
fi
|
||||
|
||||
# Load app control file because some apps require run-time customization
|
||||
# TODO: Maybe these things should really be container labels?
|
||||
[ -f "$script_path/apps/$1/control" ] && . "$script_path/apps/$1/control"
|
||||
|
||||
if [ "$UNSAFE_I_KNOW_WHAT_I_AM_DOING_ALLOW_NAMESPACES" == "true" ]; then
|
||||
if [ "$(get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces)" == "true" ]; then
|
||||
log "Enabling sub-namespaces support inside this container"
|
||||
log "This is considered UNSAFE; DO NOT USE if the app inside container does not do its own sandboxing"
|
||||
log "DO NOT USE if you don't trust sandboxing done by the app inside"
|
||||
|
|
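Review bot: The new condition `[ "$(get_image_label "$image_name" net.typeblog.dobu.unsafe_i_know_what_i_am_doing_allow_namespaces)" == "true" ]` lets the image itself switch off part of the seccomp filter, so the trust decision moves from a file in the local checkout to whoever built or tagged the image. If `$image_name` can ever resolve to an image that was pulled, or built from a Dockerfile outside this repository (not visible in the hunk), that image grants itself namespace access just by carrying the label. I would keep a host-side gate next to the label check, such as an allow-list of image names or an explicit launcher option, and name the image in the warning: `log "Image $image_name requests sub-namespaces via its label"`. An empty result from `get_image_label` fails closed, which is the right default. The `if` body continues past the end of the hunk.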