bubblewrap icon indicating copy to clipboard operation
bubblewrap copied to clipboard

Published 20 hours ago verified publisher icon containers

Added --uid and --gid support when running as root without --unshare-user or --userns

Open axelfontaine opened this issue 5 months ago • 2 comments

Fixes https://github.com/containers/bubblewrap/issues/551

Disclaimer: My C skills are quite rusty, so apologies in advance in case I made some glaring mistake or if I missed something obvious. In my tests at least this worked for this use-case and didn't introduce any new issues.

axelfontaine avatar Jan 10 '24 07:01 axelfontaine

This is security-sensitive and will need careful review, to make sure it isn't introducing a security vulnerability in the case where bwrap is setuid root.

smcv avatar Mar 15 '24 16:03 smcv

Why? This only deals with the case where real_uid is 0.

axelfontaine avatar Mar 27 '24 08:03 axelfontaine