Unshare IPC namespace when not in relaxed mode

Otherwise tests in the sandbox will think they have access to IPC stuff when they actually don't. Fixes #2256
systemd · Jan 9, 2024 · 2227eb2 · 2227eb2
1 parent 0ffba6d
commit 2227eb2
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
@@ -95,7 +95,10 @@ def sandbox_cmd(
     if relaxed:
         cmdline += ["--bind", "/tmp", "/tmp"]
     else:
-        cmdline += ["--tmpfs", "/tmp"]
+        cmdline += [
+            "--tmpfs", "/tmp",
+            "--unshare-ipc",
+        ]
 
     if (tools / "nix/store").exists():
         cmdline += ["--bind", tools / "nix/store", "/nix/store"]