Simon McVittie
> I don't know if it's a hardware issue

I doubt it. Everything involving `unshare()` should be purely software, except that some limits will scale with the amount of RAM...
This is `ENOSPC`, documented in `unshare(2)` as:

```
ENOSPC (since Linux 3.7) CLONE_NEWPID was specified in flags, but the limit on the nesting depth of PID namespaces would have been...
```
> Added spaces to make the trailing line-continuation slashes all line up in the same column

I personally think this doesn't make it any prettier, and the need to redo...
> group together flags of same kind

This does maybe make sense, although the order of parameters to `bwrap` does matter - many of the parameters manipulate the filesystem in...
What Linux kernel version are you running on? `PR_SET_NO_NEW_PRIVS` was new in Linux 3.5. (The error message talks about `PR_SET_NO_NEW_CAPS`, but that's a typo; it should say `PR_SET_NO_NEW_PRIVS`.) Are you...
> Does this package support the macOS operating system?

No. It uses Linux namespaces, which are specific to the Linux kernel.
This should be straightforward to implement. Are you intending to submit a merge request for this?
> If I understand it correctly, this would allow to reload some child processes by sending SIGHUP to bwrap

Only if bwrap *specifically* catches and forwards SIGHUP - #402 only...
> we could argue that bwrap-using software like flatpak should implement a shell command which would inject code into the container to allocate a pty and run a shell with...
> So if there are multiple real users on your system, or if you run publicly available services without bubblewrap, then it's probably a good idea to have kernel.unprivileged_userns_clone disabled....