From 7a8b8e56ca118d20b65fbdfe5420fda9929fad5c Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Mon, 27 Apr 2026 14:18:07 +0200
Subject: [PATCH] Update install.func

---
 misc/install.func | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/misc/install.func b/misc/install.func
index ec4fcea4..591ed04f 100644
--- a/misc/install.func
+++ b/misc/install.func
@@ -888,6 +888,14 @@ setting_up_container() {
     grep -qxF 'LC_ALL=C.UTF-8' /etc/environment 2>/dev/null || echo -e 'LC_ALL=C.UTF-8\nLANG=C.UTF-8' >>/etc/environment
   fi
 
+  # Arch Linux: pacman 7+ uses Landlock sandboxing for the 'alpm' user, which
+  # requires kernel features unavailable in unprivileged LXC containers.
+  # Disabling DownloadUser falls back to running as root (safe inside an LXC).
+  if [[ "$PKG_MANAGER" == "pacman" && -f /etc/pacman.conf ]]; then
+    sed -i 's/^\s*DownloadUser\s*=.*/#&/' /etc/pacman.conf
+    grep -q '^DisableSandbox' /etc/pacman.conf || sed -i '/^\[options\]/a DisableSandbox' /etc/pacman.conf
+  fi
+
   # Disable network wait services for faster boot
   case "$INIT_SYSTEM" in
   systemd)