Remove redundant system-call-filter
Since SYSTEMD_SECCOMP=0 is set, adding system-call-filter is redundant.
parent
303f79a3ae
commit
53689df645
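--- a/jlmkr.py
+++ b/jlmkr.py
@@ -389,7 +389,6 @@ def start_jail(jail_name, check_startup_enabled=False):
 # Add additional flags required for docker
 systemd_nspawn_additional_args += [
 "--capability=all",
-"--system-call-filter=add_key keyctl bpf",
 ]
 
 # Legacy gpu_passthrough config setting
@@ -978,7 +977,12 @@ def create_jail(jail_name, distro="debian", release="bookworm"):
 "--setenv=SYSTEMD_NSPAWN_LOCK=0",
 ]
 
-systemd_nspawn_default_args = ["--keep-unit", "--quiet", "--boot", "--bind-ro=/sys/module"]
+systemd_nspawn_default_args = [
+"--keep-unit",
+"--quiet",
+"--boot",
+"--bind-ro=/sys/module",
+]
 
 config = cleandoc(
 f"""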
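Review bot: In the docker branch of start_jail, the remaining `"--capability=all",` entry now works only because SYSTEMD_SECCOMP=0 is in effect, and nothing in the new code records that dependency; where the variable is set is not visible in this hunk. If that setting is ever dropped or scoped differently, nspawn's default seccomp filter would presumably block add_key, keyctl and bpf again and docker in the jail would fail with no hint as to why. I would extend the existing comment to something like `# Add additional flags required for docker; no --system-call-filter needed because SYSTEMD_SECCOMP=0 disables nspawn's seccomp filter entirely`. It is also worth stating in the user-facing docs that this mode combines all capabilities with no syscall filtering, so the jail has very little isolation from the host kernel and should only run trusted workloads. start_jail's body begins and ends outside the hunk; the second hunk in create_jail is a formatting-only change.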