bubblewrap

bubblewrap copied to clipboard

Overlay arguments on DM-Verity / with overlayfs results in userxattr: Invalid argument

5

```bash /bin/bwrap \ --unshare-pid \ --unshare-uts \ --unshare-cgroup \ --unshare-user \ --new-session \ --ro-bind-try /etc/ssl/certs/ca-bundle.crt /etc/ssl/certs/ca-bundle.crt \ --ro-bind-try /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt \ --ro-bind-try /etc/resolv.conf /etc/resolv.conf \ --ro-bind-try /etc/hosts /etc/hosts \ --ro-bind-try...

unforgivablesin

Have a specific exit code for when sandboxing is not possible

2

Since there are a bunch of environments where sandboxing doesn't work like in a libgnome-desktop sandbox or some CIs, we want to do opportunistic sandboxing. We are now doing this...

sophie-h

Execution issue when rootfs is mounted twice "Can't bind mount /oldroot/dev/null on /newroot/dev/null: No such file or directory"

6

Greetings, sometimes our CI jobs fails when bwrap fails to start and dies with this message: "bwrap: Can't bind mount /oldroot/dev/null on /newroot/dev/null: No such file or directory" It seems...

TristanCacqueray

Add a `--netns FD` option for preexisting namespaces

1

The use case is for sandboxing a network service. I already have set up network namespaces to use, however bubblewrap doesn't seem to provide the option to use an already-existing...

AncientRepositoryOfKnowledge

Ability to share IPv4/IPv6 network but prevent access to abstract Unix sockets

6

Hey all, so I was thinking about using bubblewrap for some applications, which I would like to not use in a VM and for which I kept a separate user...

flxmr