Diffstat (limited to 'src/Propellor/Property/Systemd.hs')
-rw-r--r--src/Propellor/Property/Systemd.hs9
1 files changed, 7 insertions, 2 deletions
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 9e9a1de1..bfc0f9a5 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -278,16 +278,21 @@ nspawned c@(Container name (Chroot.Chroot loc builder _ _) h) =
-- Chroot provisioning is run in systemd-only mode,
-- which sets up the chroot and ensures systemd and dbus are
-- installed, but does not handle the other properties.
- chrootprovisioned = Chroot.provisioned' chroot True
+ chrootprovisioned = Chroot.provisioned' chroot True [FilesystemContained]
-- Use nsenter to enter container and and run propellor to
-- finish provisioning.
containerprovisioned :: RevertableProperty Linux Linux
containerprovisioned =
- tightenTargets (Chroot.propellChroot chroot (enterContainerProcess c) False)
+ tightenTargets (Chroot.propellChroot chroot (enterContainerProcess c) False containercaps)
<!>
doNothing
+ containercaps =
+ [ FilesystemContained
+ , HostnameContained
+ ]
+
chroot = Chroot.Chroot loc builder Chroot.propagateChrootInfo h
-- | Sets up the service files for the container, using the
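Review bot: The new `containercaps` binding has no comment or type signature, and the chroot stage passes a separate literal `[FilesystemContained]`, so nothing records why the two provisioning stages declare different containment. If these values decide which properties may safely change host-wide state (inferred from the names; the consuming code is outside this hunk), over-declaring one would let a property meant for the container act on the host, so the reasoning should sit next to the list. I would add above the binding something like `-- The nsenter stage runs inside the running container, which has its own hostname; the chroot stage only confines the filesystem.` and give `containercaps` a signature, as `containerprovisioned` already has. The enclosing `nspawned` definition starts and ends outside the hunk, so check that no other call site still uses the old arity.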