Use --privileged in Fedora container
This enables the namespace-based sandbox in Bazel.
Using `--privileged` isn't as dangerous as it looks, when used with podman in rootless mode (i.e. run as an unprivileged user), in which case it uses user namespaces.
We drop `--net=host`, which is not actually necessary.
Test Plan:
scripts/destroy_container.sh
scripts/create_container.sh
scripts/run_in_container.sh bazelisk build :swtpm_data
This now fails properly when run with the container:
swtpm-localca: touch: cannot touch '/var/lib/swtpm-localca/.lock.swtpm-localca': Read-only file system
swtpm-localca: Error: Could not create lock file /var/lib/swtpm-localca/.lock.swtpm-localca.
X-Origin-Diff: phab/D202
GitOrigin-RevId: f51a831e7584cccf21860e9f18b73272a658f055
diff --git a/scripts/create_container.sh b/scripts/create_container.sh
index 6d284a1..8d01706 100755
--- a/scripts/create_container.sh
+++ b/scripts/create_container.sh
@@ -32,6 +32,6 @@
-v repo-cache:/root/repo-cache \
--tmpfs=/root/.cache/bazel:exec \
--device /dev/kvm \
- --net=host \
+ --privileged \
--name=smalltown-dev \
smalltown-builder
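Review bot: the safety argument for `+ --privileged` only holds when podman is actually rootless, and nothing in `create_container.sh` enforces that; if someone runs the script via `sudo` or a root podman socket, the same flag yields a genuinely privileged container with all capabilities, no seccomp filter, no SELinux label and every host device exposed, which is far more than the namespace-based Bazel sandbox needs. Suggest guarding the flag, e.g. checking `podman info --format '{{.Host.Security.Rootless}}'` before adding `--privileged`, or at least a comment above the line stating that it is required for Bazel's user-namespace sandbox and is only acceptable under rootless podman, so the justification from the commit message survives in the script itself. Dropping `- --net=host` is a good reduction in exposure and worth a one-line comment too, so nobody re-adds it by reflex.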