bubblewrap
bubblewrap copied to clipboard
containers
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
#547 adds support for overlayfs mounts. There are important features that it doesn't provide: 1. In some situations the user and group of the files and folders of the overlayfs...
get_current_dir_name is a GNU function, and is not supported on all C libraries. Bionic is the main one here, as musl provides the get_current_dir_name we're using here. We mostly copy-paste...
When running bwrap within a job of a SLURM cluster node, I get the following error: ``` $ srun user bwrap: pivot_root: Invalid argument ``` It's highly desirable to let...
In #594 I've found that bubblewrap fails due to `pivot_root()`, when binding folder on an NFS filesystem. It would be a pity to fail the entire bubblewrap due to this...
In our Endless image builder, we chroot into the ostree deployment to install apps with flatpak. The triggers always fail for 2 reasons: 1. The slave mounting of / fails...
I installed all of the appropriate dependencies for building, save for libselinux. Everything goes well until I get to building bubblewrap. Here is the output: ```sh ~/oro/bubblewrap $ meson compile...
In cases where `bwrap` runs its own additional PID 1 process (e.g. `--unshare-pid`), `child-pid` is the PID of that process, not the PID of the user-specified COMMAND. This is inconvenient...
`--json-status-fd` gives a `child-pid` value, which is handy. In a lot of situations that is the pid of the COMMAND you're running in the sandbox. But when run with `--unshare-pid`...
`resolve_symlinks_in_ops` appears to be called *after* setting up the new UID namespace, when it no longer has privileges to access the bind source. So even running bwrap as root, I...
Metadata
Owner
Metadata
Low-level unprivileged sandboxing tool used by Flatpak and similar projects