From 2119d8c5890abff0db8ba00ffcbaa9549f6fec95 Mon Sep 17 00:00:00 2001
From: Ali Kelkawi <ali.kelkawi@canonical.com>
Date: Thu, 10 Oct 2024 10:50:25 +0300
Subject: [PATCH] set security nesting on lxd container

---
 .github/workflows/integration_test.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/integration_test.yaml b/.github/workflows/integration_test.yaml
index 9b1d1ccf..aded0a8d 100644
--- a/.github/workflows/integration_test.yaml
+++ b/.github/workflows/integration_test.yaml
@@ -85,6 +85,10 @@ on:
         description: Pull and build rockcraft from source instead of using snapstore version (this means that the rockcraft-channel input will be ignored).
         type: string
         default: ""
+      rockcraft-enable-security-nesting:
+        description: Set security.nesting=true on the rockcraft lxc project to allow for nested containers.
+        type: boolean
+        default: false
       microk8s-addons:
         description: Microk8s provider add-ons override. A minimum set of addons (the defaults) must be enabled.
         type: string
@@ -216,6 +220,10 @@ jobs:
         build: ${{ fromJSON(needs.plan.outputs.plan).build }}
     steps:
       - uses: canonical/setup-lxd@v0.1.1
+      - name: Set LXC security nesting
+        if: ${{ inputs.rockcraft-enable-security-nesting }}
+        run: |
+          lxc profile set default security.nesting true
       - uses: actions/checkout@v4
       - uses: canonical/operator-workflows/internal/build@main
         id: build