Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Make --nofilesystem=host/home remove access to subdirs of those
Previously --nofilesystem=host only removed specifically access to the `host` permissions, and not necessarily other filesystems (like `home` or `/some/path`). This isn't very useful to limit access because you don't know what other filesystems the app may have access too. We change this to mean that `--nofilesystem=host` removes *all* filesystem access from the parent layer, and `--nofilesystem=home` removes all file access to the homedir and paths inside it. The available layers are, in order: * app permissions * overrides * commandline args This allows you to start from scratch with the filesystem permissions in the overrides or the commandline. This is a small change in behaviour, but not a lot of things use --nofilesystem, and the ones that do probably expects this behaviour.
- Loading branch information