bubblewrap
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
Fixes #617. RFC on wording, maybe "permanent" is not the best way to describe it, but it would address the confusion I had.
This commit adds --overlay, --tmp-overlay, --ro-overlay, and --overlay-src options to enable bubblewrap to create overlay mounts. These options are only permitted when bubblewrap is not installed setuid. --- This is...
Sorry if this is a duplicate, GitHub isn't letting me search for `--file`. I'm finding the following behavior surprising: ```console $ echo real > file $ cat file real $...
Fixes https://github.com/containers/bubblewrap/issues/551 Disclaimer: My C skills are quite rusty, so apologies in advance in case I made some glaring mistake or if I missed something obvious. In my tests at...
`pivot_root()` does not work in the initramfs. As a fallback, `MS_MOVE` can be used together with `chroot()` to mimic `pivot_root()` somewhat. bubblewrap should use this fallback if `pivot_root()` is not...
It would be nice if bwrap had a `--daemonize-with-child` option that daemonizes the outer bwrap when the first child process within bwrap daemonizes (exits but leaves other processes running). This...
I can see the COPYING and LICENSE but GitHub does not recognize them. I suggest fixing it. I do not know how to do it myself. I have tried forking...
Hi, I'm trying to achieve some security by limiting games to only have read permission of my system. Here is what I ended up using after going through a...
Today the container-selinux policy denies `mount("tmpfs")`. Arguably...this is a bug in the policy with the advent of user namespaces. However, we could just use a temporary directory in an existing...