bubblewrap
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
`bbwrap` fails to run when an sshfs is already mounted under /mnt as root on the host. versions: ------------ bubblewrap-0.4.1-2.fc33.x86_64 flatpak-1.10.2-3.fc33.x86_64 reproduce ------------- 1. mount an SSHFS from anywhere **as...
Hello, I'm using bwrap as a shell based on your example: [email protected]:[]:#> cat /etc/passwd | grep edek edek: x :1004:1006::/home/edek:/usr/bin/dupa [email protected]:[]:#> cat /usr/bin/dupa #!/usr/bin/env bash set -euo pipefail (exec bwrap...
What causes the following behavior? ``` $ bwrap --dev-bind / / bash -c "ls /proc/$$/exe" ls: cannot access '/proc/396260/exe': Permission denied ``` I have a program that checks /proc/$ppid/exe to check...
Here is a dumb python program where the issue happens: ``` import signal import asyncio loop = asyncio.new_event_loop() asyncio.set_event_loop(loop) def interrupt(): s = input("test") print(s) loop.stop() loop.add_signal_handler(signal.SIGINT, interrupt) loop.run_forever() loop.remove_signal_handler(signal.SIGINT)...
Wish a feature like firejail's : ``` --net=bridgename - enable network namespaces and connect to this bridge. --net=ethernet_interface - enable network namespaces and connect to this Ethernet interface. --net=none -...
To reproduce: * Add a feature, write tests for it, and push a MR * Add another feature, write tests for it, and push a MR Expected result: maintainers can...
I'm mostly just using bubblewrap as a dependency of rpm-ostree's script sandboxing; we're not trying to protect against malicious attacks, and it's mostly feature complete from my PoV, although overlayfs...
There is already pull request #167 from four years ago that implements exactly this feature, but it was abandoned due to security concerns regarding overlayfs. However, nowadays there is [fuse-overlayfs](https://github.com/containers/fuse-overlayfs),...
Firejail has profiles and provides lots of default ones. Analogous to the command-line arguments, as far as I can see. To make things run with `firejail` by default, you symlink from...