." This requires a kernel with seccomp trap to user space support (5.3 or newer)."
." This is experimental.",
},
+ force_rw_sys => {
+ optional => 1,
+ type => 'boolean',
+ default => 0,
+ description => "Mount /sys in unprivileged containers as `rw` instead of `mixed`."
+ ." This can break networking under newer (>= v245) systemd-network use."
+ },
};
my $confdesc = {
# FIXME: $force deletion is not implemented for CTs
foreach my $opt (sort keys %$pending_delete_hash) {
next if $selection && !$selection->{$opt};
- $class->cleanup_pending($conf);
eval {
if ($opt =~ m/^mp(\d+)$/) {
my $mp = $class->parse_ct_mountpoint($conf->{$opt});
}
}
+ $class->cleanup_pending($conf);
+
foreach my $opt (sort keys %{$conf->{pending}}) { # add/change
next if $opt eq 'delete'; # just to be sure
next if $selection && !$selection->{$opt};
if (my $err = $@) {
$add_apply_error->($opt, $err);
} else {
- $class->cleanup_pending($conf);
$conf->{$opt} = delete $conf->{pending}->{$opt};
}
}