
Author Topic: bubblewrap  (Read 342 times)

mocore
bubblewrap
« on: August 14, 2024, 05:41:10 AM »


https://github.com/containers/bubblewrap

Many container runtime tools like systemd-nspawn, docker, etc. focus on providing infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

These tools are not suitable to give to unprivileged users, because it is trivial to turn such access into a fully privileged root shell on the host.

....
Bubblewrap could be viewed as setuid implementation of a subset of user namespaces.
....
The original bubblewrap code existed before user namespaces - it inherits code from [1]xdg-app helper which in turn distantly derives from [2]linux-user-chroot.

1- https://cgit.freedesktop.org/xdg-app/xdg-app/tree/common/xdg-app-helper.c?id=4c3bf179e2e4a2a298cd1db1d045adaf3f564532

2- https://git.gnome.org/browse/linux-user-chroot


it appears to be in the repo

http://www.tinycorelinux.net/15.x/x86_64/tcz/bwrap.tcz.info ( thanks to juanito  ;) )

http://www.tinycorelinux.net/15.x/x86_64/tcz/src/bwrap/compile_bwrap


and this is seemingly the relevant forum section

is anyone using it?! (other than as a dependency of some other package? ... the only search results appeared to mention it as a dependency)


« Last Edit: August 14, 2024, 05:44:03 AM by mocore »