secrets: add sandbox user

2024-01-30 11:56:22 +01:00
parent 6229cab375
commit 140973270a
2 changed files with 15 additions and 3 deletions
--- a/pkgs/clan-cli/clan_cli/secrets/generate.py
+++ b/pkgs/clan-cli/clan_cli/secrets/generate.py
@@ -56,6 +56,8 @@ def generate_secrets(machine: Machine) -> None:
                        "--bind", str(facts_dir), str(facts_dir),
                        "--bind", str(secrets_dir), str(secrets_dir),
                        "--unshare-all",
+                        "--unshare-user",
+                        "--uid", "1000",
                        "--",
                        "bash", "-c", machine.secrets_data[service]["generator"]
                    ],