bubblewrap

bubblewrap copied to clipboard

(Option 2) Fixed O(N^2) performance when handling --bind flags

3

Issue [#384](https://github.com/containers/bubblewrap/issues/384). Same Pull Request as #629 (please read it). But I've been thinking about changes I have made and realized that maybe segment trees with lazy propagation is a...

witaway

Is there like a native C Library?

2

It would be great if there would be like a shared library for creating the sandbox. Otherwise i would have to spawn a child process for interacting with this software.

0xIO32

tests: use stat -c instead of --format for compatibility

2

eg. busybox stat only has -c and not --format

sertonix

Remove autotools build system

2

WhyNotHugo

Static analyzers see opt_args_data as leaked (but the leak is O(1) therefore not a real problem)

1

Possible RESOURCE_LEAK on scan: ``` 56. bubblewrap-0.9.0/bubblewrap.c:1703:11: alloc_fn: Storage is returned from allocation function "load_file_data". 57. bubblewrap-0.9.0/bubblewrap.c:1703:11: var_assign: Assigning: "opt_args_data" = storage returned from "load_file_data(the_fd, &data_len)". 59. bubblewrap-0.9.0/bubblewrap.c:1708:11: var_assign: Assigning:...

jmarrero

bubblewrap misuses CMSG_DATA() macro

1

cmsg(3) says: ``` CMSG_DATA() returns a pointer to the data portion of a cmsghdr. The pointer returned cannot be assumed to be suitably aligned for accessing arbitrary payload data types....

mcatanzaro

The bwrap main process will write the the JSON in to those options as soon as it forks: https://github.com/containers/bubblewrap/blob/8e51677abd7e3338e4952370bf7d902e37d8cbb6/bubblewrap.c#L2922 However, the child process still has a lot of initialization steps...

igo95862

`--die-with-parent` fails to clean up due to a race condition if the parent bwrap process is killed soon after startup

1

``` $ cat bwrap_race.sh echo "BASHPID=$BASHPID" bwrap --die-with-parent --dev-bind / / --unshare-pid -- sleep 1234 & BWRAP_PARENT=$! echo "BWRAP_PARENT=$BWRAP_PARENT" BWRAP_CHILD=$(ps axo ppid,pid | grep -P "^$BWRAP_PARENT " | awk '{print...

artli

Mount private information leakage

5

It would appear that some information is leaking somehow. The mount command is able to reveal information such as: /dev/mapper/vg_unique_name on /lib type ext4 (ro,nosuid,nodev,relatime) When using --ro-bind /path/rootfs/lib /lib...

voidastro4

Before Meson 1.3.0, this would not do what we meant (instead defining prefix to a wrong value composed from the remaining arguments). The only reason we needed to redefine prefix...

smcv