Timothy Hobbs

I've run into this before, and my solution has always to be to change the "executable" to a script that autocreates anything that needs to be created. With stateful-home turned...

Here is my current plan, in part to break up subuser to make it less monolithic, and in part to move away from Docker which is also too monolithic. There...

I searched for this, but couldn't find it. I don't think that it is possible. I also found many claims that it is not desireable, because most distributions rely on...

Yes, I saw that article. Which really seems to give the impression that the only way is to remove suid bits. We even have a good place to put that...

If you want to play with this, I would suggest, writing some really crapy code quickly, to get rid of the suid bits and see if anything breaks. Don't invest...

Oops, I just realized that modifying the run ready image Dockerfile might not work in this case because it would be possible for a malicious image to interfere with any...

Thank you for testing this out. I will resolve this once a good, elegant, solution appears. Which might not be untill subuser moves from working through Docker to calling runc...

First off, subuser itself does not ever run as root, Docker does. But that is irrelivant. Docker and xdg-app both use the same sandboxing mechanism, only xdg-app uses user-namespaces. Whether...

EDIT: The `docker-image` directory is now just the `image` directory. debian:sid isn't exactly directly encoded in the source code. What is going on, is that subuser is trying to install...

https://github.com/subuser-security/subuser/issues/253