Merge pull request #1154 from wenottingham/namespaces-the-final-frontier

Have bubblewrap mount a new /proc in the wrapped environment.
2026-04-07 02:59:21 -02:30 · 2018-02-07 17:24:38 -05:00
parent fb5428dd63 c1a0e2cd16
commit e982f6ed06
1 changed files with 1 additions and 1 deletions
--- a/awx/main/utils/common.py
+++ b/awx/main/utils/common.py
@@ -766,7 +766,7 @@ def wrap_args_with_proot(args, cwd, **kwargs):
    '''
    from django.conf import settings
    cwd = os.path.realpath(cwd)
-    new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--unshare-pid', '--dev-bind', '/', '/']
+    new_args = [getattr(settings, 'AWX_PROOT_CMD', 'bwrap'), '--unshare-pid', '--dev-bind', '/', '/', '--proc', '/proc']
    hide_paths = [settings.AWX_PROOT_BASE_PATH]
    if not kwargs.get('isolated'):
        hide_paths.extend(['/etc/tower', '/var/lib/awx', '/var/log',