ericonr
/
ericonr-gemini
mirror of https://github.com/ericonr/ericonr-gemini.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Unshare-all with bubblewrap. 

Should have been --unshare-all from the start. One of the advantages of
the ucspi model is exactly that the server program doesn't even need
network access.
This commit is contained in:
Érico Nogueira 2021-11-17 22:38:29 -03:00
parent 9ff087020e
commit a3b376a1b2
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
host.sh
View File

@ -5,5 +5,6 @@ exec env \
s6-tlsserver -k1 0.0.0.0 1965 \
bwrap --ro-bind /usr /usr --symlink usr/lib /lib \
--proc /proc --dev /dev \
--ro-bind $PWD/gemini /gemini --ro-bind $PWD/lc19 /lc19 --unshare-pid \
--ro-bind $PWD/gemini /gemini --ro-bind $PWD/lc19 /lc19 \
--unshare-all \
/lc19 --data-dir=/gemini