Jan Wrobel

The closed issue https://github.com/containers/bubblewrap/issues/330 could potentially be addressed with LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET introduced by Landlock ABI v6: > LANDLOCK_SCOPE_ABSTRACT_UNIX_SOCKET > This limits the set of abstract unix(7) sockets to which we can...

> > without having access to X11 > > `/tmp/.X11-unix` Restricting access to `/tmp/.X11-unix` is already possible with bind mounts, but restricting access to abstract sockets, such as `@"/tmp/.X11-unix/X0"` is...

Following the discussion on the _#buildpack-authors_ Slack channel, I have studied the '**Flexible Process Types**' proposal regarding the use case: > > Is there a way for an executable included...

I found an alternative solution for `/etc/resolv.conf` being a link to a location that is not accessible in the container; perhaps it could be useful to someone. You can use...