bubblewrap
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
Where can I find more documentation? Yes, I've read Readme.md, and I've found https://wiki.archlinux.org/index.php/Bubblewrap and https://wiki.archlinux.org/index.php/Bubblewrap, but I really would love to see some kind of reference documentation. --...
I am using bubblewrap to wrap a CUDA application. However, I cannot find any information on how to properly forward nvidia drivers. I am assuming this can be done because...
Having tried on both Ubuntu 16.04 and 18.04, compiling bubblewrap fails with the following error when running autogen.sh: ``` ./configure: line 5312: syntax error near unexpected token `BASH_COMPLETION,' ./configure: line...
I want the app in the container to always see DEST the same as my SRC ``` bwrap --dev-bind / / --ro-bind SRC DEST in-container-app ``` Some programs outside the container delete DEST and...
It would be really helpful to limit the amount of space.
I intermittently see `test-run.sh` fail with: ``` Unable to lock file /var/tmp/tap-test.nlbsH3/lock: Resource temporarily unavailable ``` I believe this is a race condition between the `lockf-n.py` and `bwrap` children of...
When opening a media file with a media player, is there a way to script bwrap to have the media player be blind to the entire filesystem except for that...
When the target of --bind is a symlink, bubblewrap fails. [root@localhost ~]# mkdir /usr/local/foo [root@localhost ~]# ln -sf /usr/local/foo /usr/local/cow [root@localhost ~]# mkdir /tmp/bar [root@localhost ~]# bwrap --dev-bind / /...
It has been discussed before here and the problem seemed to have to do with privilege. But assuming you don't care to be unprivileged when you do it, how do...
In some sandboxed applications, like the example code in libseccomp, PR_SET_DUMPABLE is set to 0 to prevent escape via ptrace. However, here https://github.com/containers/bubblewrap/blob/1f7e2ad948c051054b683461885a0215f1806240/bubblewrap.c#L852 bubblewrap is set as traceable instead....