diff options
Diffstat (limited to 'libmat2')
| -rw-r--r-- | libmat2/subprocess.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libmat2/subprocess.py b/libmat2/subprocess.py index f1142be..fb6fc9d 100644 --- a/libmat2/subprocess.py +++ b/libmat2/subprocess.py | |||
| @@ -51,6 +51,7 @@ def _get_bwrap_args(tempdir: str, | |||
| 51 | ['--dev', '/dev', | 51 | ['--dev', '/dev', |
| 52 | '--proc', '/proc', | 52 | '--proc', '/proc', |
| 53 | '--chdir', cwd, | 53 | '--chdir', cwd, |
| 54 | '--tmpfs', '/tmp', | ||
| 54 | '--unshare-user-try', | 55 | '--unshare-user-try', |
| 55 | '--unshare-ipc', | 56 | '--unshare-ipc', |
| 56 | '--unshare-pid', | 57 | '--unshare-pid', |
| @@ -58,6 +59,7 @@ def _get_bwrap_args(tempdir: str, | |||
| 58 | '--unshare-uts', | 59 | '--unshare-uts', |
| 59 | '--unshare-cgroup-try', | 60 | '--unshare-cgroup-try', |
| 60 | '--new-session', | 61 | '--new-session', |
| 62 | '--cap-drop', 'all', | ||
| 61 | # XXX: enable --die-with-parent once all supported platforms have | 63 | # XXX: enable --die-with-parent once all supported platforms have |
| 62 | # a bubblewrap recent enough to support it. | 64 | # a bubblewrap recent enough to support it. |
| 63 | # '--die-with-parent', | 65 | # '--die-with-parent', |