Simon McVittie
This still needs an automated test, and needs testing on a system where setuid bwrap is required (e.g. Debian 10).
> Note that this would also block exploiting vulnerabilities like https://github.com/advisories/GHSA-9v26-h3ph-p8v7 without relying on some form of syscall filtering That's almost exactly my motivation for this: at the moment, Flatpak...
> This still needs an automated test I added one. > needs testing on a system where setuid bwrap is required (e.g. Debian 10) On such systems, this feature doesn't...
> there are possible issues with the way flatpak relies on the 2 nested user namespaces, with the --userns2 argument in the parent_expose_pids || parent_share_pids support. In this case we...
This is how Unix directories work. `bwrap` binds `SRC` into the container, but `rm -fr SRC` will delete all the files from `SRC`; the bind-mount points to the same directory...
> unprivileged user namespaces have a huge attack surface They do have a rather smaller attack surface inside bubblewrap, because `NO_NEW_PRIVS` should prevent any attack that relies on (ab)using a...
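The comment above leans on `NO_NEW_PRIVS` to shrink what an attacker inside the sandbox can do with setuid or file-capability binaries. The following is an added example (not bubblewrap's own code, and not from this PR) showing the two properties that make the flag useful for that: it is inherited by everything the sandboxed process later forks or execs, and it is one-way, because the kernel only accepts `prctl(PR_SET_NO_NEW_PRIVS, 1, ...)` and refuses an attempt to set it back to 0 with `EINVAL`. The check runs in a forked child so the calling process is left untouched; it assumes a Linux system with `<sys/prctl.h>` available.

```c
// Added example: demonstrate that PR_SET_NO_NEW_PRIVS is sticky and one-way.
// This is illustrative code, not part of bubblewrap or of the PR under review.
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run the experiment in a child so the caller's own no_new_privs state is
 * not changed. Returns 1 when all of the following hold in the child:
 *   - PR_SET_NO_NEW_PRIVS with arg 1 succeeds,
 *   - PR_GET_NO_NEW_PRIVS then reads back 1,
 *   - PR_SET_NO_NEW_PRIVS with arg 0 is rejected with EINVAL
 *     (the flag cannot be cleared once set),
 *   - PR_GET_NO_NEW_PRIVS still reads 1 afterwards.
 * Returns 0 if any check fails, -1 if fork()/waitpid() fail.
 */
int no_new_privs_is_one_way(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Step 1: turn the flag on. After this, execve() of a setuid or
         * file-capability binary will not grant extra privileges. */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
            _exit(10);

        /* Step 2: the kernel reports it as set. */
        if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
            _exit(11);

        /* Step 3: try to switch it off again. The kernel only accepts
         * arg2 == 1, so this must fail with EINVAL. */
        errno = 0;
        if (prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == 0 || errno != EINVAL)
            _exit(12);

        /* Step 4: the failed attempt did not disturb the flag. */
        if (prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) != 1)
            _exit(13);

        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    int rc = no_new_privs_is_one_way();
    if (rc == 1)
        puts("NO_NEW_PRIVS set in child, read back as 1, and could not be cleared");
    else
        printf("check failed (rc=%d)\n", rc);
    return rc == 1 ? 0 : 1;
}
```

Because the flag survives `fork()` and `execve()` and cannot be cleared, a process that bubblewrap starts with it set stays confined for its whole lifetime, which is why a setuid helper or a capability-bearing binary reachable from inside the sandbox is no longer a privilege-escalation path.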
If you add the new options to this PR and force-push, that would certainly be an improvement!
bubblewrap isn't really designed to be a user-facing tool. It is setuid root (on some systems) and needs to remain minimal in order to be secure: each new feature is...
> Perhaps someone else should just make a separate project doing that Maybe you are the "someone" here? :-)
@RyuzakiKK, perhaps you could do some not-a-maintainer review here?