This commit is contained in:
Jip-Hop 2023-01-28 12:32:09 +01:00
parent 3215bd543f
commit a7c16737ec
1 changed files with 2 additions and 3 deletions

View File

@ -87,7 +87,7 @@ start_jail() {
if [[ "${docker_compatible}" -eq 1 ]]; then if [[ "${docker_compatible}" -eq 1 ]]; then
# Enable ip forwarding on the host (docker needs it) # Enable ip forwarding on the host (docker needs it)
echo 1 >/proc/sys/net/ipv4/ip_forward echo 1 >/proc/sys/net/ipv4/ip_forward
# To properly run docker inside the jail, we need to lift restrictions # To properly run docker inside the jail, we need to lift restrictions
# Without DevicePolicy=auto images with device nodes may not be pulled # Without DevicePolicy=auto images with device nodes may not be pulled
# For example docker pull ljishen/sysbench would fail # For example docker pull ljishen/sysbench would fail
@ -249,8 +249,7 @@ create_jail() {
# Fetch the lxc download script if not present locally (or hash doesn't match) # Fetch the lxc download script if not present locally (or hash doesn't match)
if ! validate_download_script "${lxc_download_script_path}"; then if ! validate_download_script "${lxc_download_script_path}"; then
curl -fSL curl -fSL https://raw.githubusercontent.com/Jip-Hop/lxc/58520263041b6864cadad96278848f9b8ce78ee9/templates/lxc-download.in -o "${lxc_download_script_path}"
https://raw.githubusercontent.com/Jip-Hop/lxc/58520263041b6864cadad96278848f9b8ce78ee9/templates/lxc-download.in -o "${lxc_download_script_path}"
# Validate after download to prevent executing arbitrary code as root # Validate after download to prevent executing arbitrary code as root
validate_download_script "${lxc_download_script_path}" || fail 'Abort! Downloaded script has unexpected contents.' validate_download_script "${lxc_download_script_path}" || fail 'Abort! Downloaded script has unexpected contents.'
fi fi