We've got a lot of new features and bugfixes since 0.1.8. Let's cut a new
release before we start landing even more things like the `pivot_root()` PR.
Closes: #232
Approved by: smcv
The main thing this gets us is the ability to see when the build-time
test was skipped.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #229
Approved by: cgwalters
When using namespaces, permit to leave some capabilities in the
sandbox. This can be helpful to run a system instance of systemd.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #101
Approved by: alexlarsson
Some distributions may want to enforce this in the privileged case;
it enforces stronger isolation rather than allowing users to
cherry-pick namespaces.
Closes: #141
Closes: #159
Approved by: valoq
The setcaps version needs all sorts of caps anyway, so its not
really a more secure version, just more complicated. Additionally, in
the future we want to rely on being uid 0 to avoid ptrace:ability
when using user namespaces.
Closes: #116
Approved by: cgwalters
This is just the beginning of a framework for bash completions.
Current completions just give you the list of options available.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Closes: #30
Approved by: alexlarsson
Greater visibility for these is useful. (Alternatively, autoconf
could be less verbose but I'm assuming that's not going to happen
before the sun explodes).
Pull request: #28
Approved by: alexlarsson
With this you can e.g. :
./configure --enable-sudo --with-priv-mode=setcaps
make
make install
and it will ask you for sudo password and then make the final binary
have the right capabilities set.
This is not needed when setting such persmissions in e.g. a spec file, but
it is useful for developers building bubblewrap.
Pull request: #26
Approved by: cgwalters
