bubblewrap

bubblewrap copied to clipboard

Entering an existing sandbox created by bubblewrap without special privileges

1

`bubblewrap` creates namespaces without special privileges, but it can only create new ones. In order to enter those namespaces, `nsenter` should be run with `CAP_SYS_ADMIN`. In the GNOME launcher we...

amtlib-dot-dll

Cannot execute any commands

4

Hi, I cannot execute any commands with ```bwrap```. I have the following error message on Debian. ```sh $ bwrap --help bwrap: prctl(PR_SET_NO_NEW_CAPS) failed: Invalid argument ```

KihongHeo

Bubblewrap vs nsjail?

2

Is there a reason the the (seemingly) overlapping functionality of bubblewrap to the Google nsjails project?

nwmcsween

Code issues

5

Running bubblewrap through the static code analytics tool sonarqube revealed some areas that need a closer look: https://sonarcloud.io/dashboard?id=noppnopp_bubblewrap If I am not mistaken, the "vulnerabilities" listed regarding strcpy and strcat...

noppnopp

Allow setting noexec flag for newly created filesystems

1

On systems which strictly use noexec flag for filesystems, creating new, arbitrary ones with exec flag means apps in sandbox will have more privileges than they would have on host....

Maryse47

OpenShift Prow onboarding: Create OWNERS file to use

2

This repository currently uses [PAPR](https://github.com/projectatomic/papr/) which is in the process of being decomissioned. There is no one successor to PAPR; Github has a powerful pluggable API for CI, and you...

cgwalters

Design for setting up fuse mounts (setuid)

20

If I try to mount a encfs folder inside bwrap, I get the error: ```fuse: device not found, try 'modprobe fuse' first``` The fuse module is loaded, and encfs works...

robsmith11

Example in REAMDE does not work

3

Running the example in the README yields: ``` $ bwrap --ro-bind /usr /usr --symlink usr/lib64 /lib64 --proc /proc --dev /dev --unshare-pid bash bwrap: execvp bash: No such file or directory...

Chris00

--unshare-user doesn't work when procfs mounted with hidepid=1

3

I've received this bug report in Debian: . The rest of this issue report is quoting Guilhem Moulin. --- I noticed that bubblewrap refuses to create a new user namespace...

smcv

Functionality of the --dev-flag/can't enter bwrapped namespace due to nesting (opt_needs_devpts)

1

So, I've been using bubblewrap to isolate environments and I've been using the "--dev" option to populate /dev in the mount namespace. Unfortunately I can't enter the created namespaces with...

flxmr