unshare: full rootless

2025-12-24 19:03:24 +01:00
parent 239597ffca
commit ab7f2ca1a1
2 changed files with 82 additions and 19 deletions
--- a/src/context/unshare.rs
+++ b/src/context/unshare.rs
@@ -166,11 +166,18 @@ impl UnshareDriver {
        env: &[(String, String)],
        cwd: Option<&str>,
    ) -> ContextCommand<'_> {
-        let mut cmd = self.parent().command("sudo");
-        cmd.args(env.iter().map(|(k, v)| format!("{k}={v}")));
+        let mut cmd = self.parent().command("unshare");

-        cmd.arg("unshare")
-            .arg("--mount-proc")
+        cmd.envs(env.iter().cloned());
+
+        cmd.arg("--mount-proc")
+            .arg("--pid")
+            .arg("--ipc")
+            .arg("--uts")
+            .arg("--map-auto")
+            .arg("-r")
+            .arg("--mount")
+            .arg("--fork")
            .arg("-R")
            .arg(&self.path);