From 8d6b46091ad8116792fc47b3fe26a892948bfa9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A1szl=C3=B3=20V=C3=A1rady?=
Date: Thu, 16 Jan 2025 13:48:28 +0100
Subject: [PATCH] dbld: start privileged container only when shell is requested
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is only needed for gdb sessions, but it interferes with auth modules in sudo, for example.
Signed-off-by: László Várady
---
 dbld/rules | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dbld/rules b/dbld/rules
index a39431df8..ebcd9549a 100755
--- a/dbld/rules
+++ b/dbld/rules
@@ -27,7 +27,7 @@ CONTAINER_REGISTRY ?= ghcr.io/axoflow
 MODE ?= snapshot
 VERSION ?= $(shell MODE=${MODE} scripts/version.sh)
 DOCKER_RUN_ARGS=-e USER_NAME_ON_HOST=$(shell whoami) \
- --network=host --privileged \
+ --network=host \
 --ulimit nofile=1024:1024 \
 -v $(ROOT_DIR):/source \
 -v $(DBLD_DIR):/dbld \
@@ -55,7 +55,7 @@ CONFIGURE_OPTS=--enable-debug --enable-manpages --with-python=3 --prefix=/instal
 DBLD_RULES=$(MAKE) --no-print-directory -f $(DBLD_DIR)/rules
 DOCKER_INTERACTIVE=$(shell if tty -s; then echo "-ti"; else echo "-i"; fi)
-DOCKER_SHELL=$(DOCKER) run $(DOCKER_RUN_ARGS) --rm $(DOCKER_INTERACTIVE) ${CONTAINER_REGISTRY}/axosyslog-dbld-$* /dbld/shell $(if $(SHELL_COMMAND),"$(SHELL_COMMAND)",bash)
+DOCKER_SHELL=$(DOCKER) run $(DOCKER_RUN_ARGS) --privileged --rm $(DOCKER_INTERACTIVE) ${CONTAINER_REGISTRY}/axosyslog-dbld-$* /dbld/shell $(if $(SHELL_COMMAND),"$(SHELL_COMMAND)",bash)
 -include $(if $(RULES_CONF),$(RULES_CONF),$(DBLD_DIR)/rules.conf)
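Review bot: The shared `DOCKER_RUN_ARGS` in the first hunk still passes `--network=host` to every container, so dropping `--privileged` there removes only part of the host exposure for ordinary build runs. Whether the builds actually need host networking is not visible from this hunk; if only some targets do, it could be moved out of the shared arguments the same way. Independently, a comment above the assignment would stop the flag from drifting back, e.g. `# No --privileged here: only DOCKER_SHELL adds it (gdb); it interferes with sudo auth modules in normal runs.` The assignment continues past the end of the hunk.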
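Review bot: `--privileged` on the new `DOCKER_SHELL` line grants much more than a gdb session needs: it gives all capabilities and host device access and drops seccomp/AppArmor confinement, on a container that also gets `--network=host` and the source tree bind-mounted from `DOCKER_RUN_ARGS`. For ptrace-based debugging the narrower `--cap-add=SYS_PTRACE --security-opt seccomp=unconfined` is usually enough and could replace `--privileged` here. The same macro also runs `$(SHELL_COMMAND)` when it is set, so any non-interactive caller of `DOCKER_SHELL` (callers are outside this hunk) still gets the elevated container. Putting the debug flags behind an opt-in variable would make that choice explicit.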