Add flatpak in docker seccomp profile
This is a docker seccomp profile that allows you to run flatpak inside a docker container, given some special requirements:

* The host kernel must support unprivileged user namespaces (supported by e.g. Fedora and Ubuntu kernels)
* The seccomp profile must be used (--security-opt seccomp=flatpak-docker-seccomp.json)
* flatpak is run as a regular user, not root, in the container
* The full host /proc must be visible in the container (-v=/proc:/host/proc)

The last one is a bit weird, but the regular /proc in docker is mounted with some cover-over mounts, and this makes the kernel disallow mounting a new procfs for the pid namespace. Adding in a full copy of the host fs causes this to be allowed.

Closes: #2867
Approved by: alexlarsson
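The cover-over mounts the commit message mentions are visible in /proc/self/mountinfo, which makes two of the listed requirements checkable before flatpak is started. The shell functions below are an added example, not part of the commit or of flatpak; the function names and the sample mountinfo are constructed, and the listing is a heuristic rather than the kernel's exact rule.

```shell
#!/bin/sh
# Added example; not part of the flatpak commit. All sample data is constructed.

# Constructed mountinfo (format: proc(5)) resembling a container started with
# -v=/proc:/host/proc: Docker's own /proc has mounts on top, /host/proc has none.
sample_mountinfo() {
cat <<'EOF'
100 90 0:50 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
101 100 0:50 /bus /proc/bus ro,nosuid,nodev,noexec,relatime - proc proc rw
102 100 0:50 /sys /proc/sys ro,nosuid,nodev,noexec,relatime - proc proc rw
103 100 0:6 /null /proc/kcore rw,nosuid - devtmpfs devtmpfs rw
104 90 0:4 / /host/proc rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}

# Print every mount point that sits below ROOT (field 5 is the mount point).
covered_paths() {   # usage: covered_paths ROOT < mountinfo
    awk -v root="$1" 'index($5, root "/") == 1 { print $5 }'
}

# Succeed if ROOT itself is a mount whose filesystem type (after "-") is proc.
is_procfs_mount() {   # usage: is_procfs_mount ROOT < mountinfo
    awk -v root="$1" '
        $5 == root { for (i = 7; i < NF; i++) if ($i == "-" && $(i + 1) == "proc") found = 1 }
        END { exit !found }'
}

# Check the non-root and host-/proc requirements; returns 0 only if both hold.
preflight() {   # usage: preflight UID HOST_PROC_PATH < mountinfo
    info=$(cat); rc=0
    [ "$1" -ne 0 ] || { echo "FAIL: flatpak must run as a regular user, not root"; rc=1; }
    printf '%s\n' "$info" | is_procfs_mount "$2" ||
        { echo "FAIL: $2 is not a procfs mount (missing -v=/proc:$2?)"; rc=1; }
    covers=$(printf '%s\n' "$info" | covered_paths "$2")
    [ -z "$covers" ] || { echo "FAIL: mounts on top of $2:"; echo "$covers"; rc=1; }
    return $rc
}

# Inside the container: preflight "$(id -u)" /host/proc < /proc/self/mountinfo
sample_mountinfo | preflight 1000 /host/proc && echo "sample container: requirements met"
```

The user-namespace and seccomp-profile requirements are not covered here; they depend on the host kernel and on how the container was started.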