-rwxr-xr-x | contrib/bst-here | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/contrib/bst-here b/contrib/bst-here
index 6b4e6b2f7..153d520f7 100755
--- a/contrib/bst-here
+++ b/contrib/bst-here
@@ -64,11 +64,19 @@ else
 command="/usr/bin/bst $@"
 fi
 
+# FIXME: We run with --privileged to allow bwrap to mount system
+# directories, but this is overkill. We should add the correct
+# --cap-add calls, or seccomp settings, but we are not sure
+# what those are yet.
+#
+# Old settings:
+# --cap-add SYS_ADMIN
+# --security-opt seccomp=unconfined
+#
 exec docker run --rm -i${is_tty:+ -t} \
- --cap-add SYS_ADMIN \
+ --privileged \
 --env PS1="$BST_HERE_PS1" \
 --device /dev/fuse \
- --security-opt seccomp=unconfined \
 --volume buildstream-cache:/root/.cache/buildstream \
 --volume buildstream-config:/root/.config \
 --volume "$PWD":/src \ |
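Review bot: `--privileged` on the `docker run` line is far broader than the two flags it replaces: it grants every capability, turns off seccomp and AppArmor/SELinux confinement, and exposes all host devices (which also makes `--device /dev/fuse` redundant). Anything a build executes in this container, with `$PWD` bind-mounted and state kept under `/root`, is then effectively root on the host. If the bwrap mount failure came from the default AppArmor profile rather than a missing capability (an assumption to confirm against the host's audit log), a narrower fix is to keep `--cap-add SYS_ADMIN \` and `--security-opt seccomp=unconfined \` and add `--security-opt apparmor=unconfined \`. Until that is settled, the FIXME should state that the script is unsuitable for untrusted projects and point at a tracking issue (`<ISSUE-URL>` as a placeholder). The `exec docker run` command continues past the end of the hunk.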