Remove redundant system-call-filter

Since SYSTEMD_SECCOMP=0 is set, adding system-call-filter is redundant.
This commit is contained in:
Jip-Hop 2024-01-27 12:23:45 +01:00
parent 303f79a3ae
commit 53689df645
1 changed files with 6 additions and 2 deletions


@ -389,7 +389,6 @@ def start_jail(jail_name, check_startup_enabled=False):
# Add additional flags required for docker # Add additional flags required for docker
systemd_nspawn_additional_args += [ systemd_nspawn_additional_args += [
"--capability=all", "--capability=all",
"--system-call-filter=add_key keyctl bpf",
] ]
# Legacy gpu_passthrough config setting # Legacy gpu_passthrough config setting
@ -978,7 +977,12 @@ def create_jail(jail_name, distro="debian", release="bookworm"):
"--setenv=SYSTEMD_NSPAWN_LOCK=0", "--setenv=SYSTEMD_NSPAWN_LOCK=0",
] ]
systemd_nspawn_default_args = ["--keep-unit", "--quiet", "--boot", "--bind-ro=/sys/module"] systemd_nspawn_default_args = [
"--keep-unit",
"--quiet",
"--boot",
"--bind-ro=/sys/module",
]
config = cleandoc( config = cleandoc(
f""" f"""