diff options
author | Simon McVittie <smcv@collabora.com> | 2022-12-16 18:46:23 +0000 |
---|---|---|
committer | Alexander Larsson <alexander.larsson@gmail.com> | 2023-01-03 11:04:09 +0100 |
commit | b5f672355b916e6e59dad5ec9ca55aa90afe8a90 (patch) | |
tree | 50850ae7a345afc1d75a9adb00e367d4528ef0e0 /completions/zsh/_bwrap | |
parent | b33c333bcb88557ad23a9bc5be0d619d537984e9 (diff) | |
download | bubblewrap-b5f672355b916e6e59dad5ec9ca55aa90afe8a90.tar.gz |
Add --assert-userns-disabled option
We can't combine --disable-userns with entering an existing user
namespace via --userns if the existing user namespace was created with
--disable-userns, because its ability to create nested user namespaces
has already been disabled. However, the next best thing is to verify
that we are already in the desired state.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Diffstat (limited to 'completions/zsh/_bwrap')
-rw-r--r-- | completions/zsh/_bwrap | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/completions/zsh/_bwrap b/completions/zsh/_bwrap index 7488727..a2e2caf 100644 --- a/completions/zsh/_bwrap +++ b/completions/zsh/_bwrap @@ -27,6 +27,7 @@ _bwrap_args=( # Please sort alphabetically (in LC_ALL=C order) by option name '--add-seccomp-fd[Load and use seccomp rules from FD]: :_guard "[0-9]#" "file descriptor to read seccomp rules from"' + '--assert-userns-disabled[Fail unless further use of user namespace inside sandbox is disabled]' '--args[Parse NUL-separated args from FD]: :_guard "[0-9]#" "file descriptor with NUL-separated arguments"' '--as-pid-1[Do not install a reaper process with PID=1]' '--bind-try[Equal to --bind but ignores non-existent SRC]:source:_files:destination:_files' |