Remove dBus access to the host system when running an init

When running an init, the dBus socket must point to the toolbox system and not the host.
containers · Jul 19, 2019 · 2e26ff5 · 2e26ff5
1 parent 80fc621
commit 2e26ff5
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/toolbox b/toolbox
@@ -796,9 +796,11 @@ create()
     if $init; then
         pid_ns=""
         init_option="--init"
+        system_dbus_bind=""
     else
         pid_ns="--pid host"
         init_option=""
+        system_dbus_bind="--volume $dbus_system_bus_path:$dbus_system_bus_path"
     fi
 
     # shellcheck disable=SC2086
@@ -825,7 +827,7 @@ create()
             $toolbox_profile_bind \
             --volume "$XDG_RUNTIME_DIR":"$XDG_RUNTIME_DIR" \
             --volume "$XDG_RUNTIME_DIR"/.flatpak-helper/monitor:/run/host/monitor \
-            --volume "$dbus_system_bus_path":"$dbus_system_bus_path" \
+            $system_dbus_bind \
             --volume "$home_canonical":"$home_canonical":rslave \
             --volume /etc:/run/host/etc \
             --volume /dev:/dev:rslave \