mirror of https://github.com/projectatomic/bubblewrap.git synced 2026-02-05 15:45:22 +01:00

3 Commits

Author SHA1 Message Date
Simon McVittie
795eeee77e README, SECURITY: Clarify that bubblewrap does not define a security model
bubblewrap can provide a robust security boundary that severely limits
functionality, or it can provide full functionality without any attempt
at being a security boundary, or anything in between those extremes.
If a caller of bubblewrap chooses inappropriate command-line arguments
for their desired security model, then bubblewrap will not provide the
security model they are aiming for, but this is not a bubblewrap
vulnerability.

Apparently this isn't clear to everyone, so try to clarify.

The one place where bubblewrap *does* define some sort of security
policy for itself is when it's setuid root, in which case it's
responsible for preventing users from carrying out privilege escalation
attacks like CVE-2020-5291.

Resolves: https://github.com/containers/bubblewrap/issues/555
Signed-off-by: Simon McVittie <smcv@collabora.com>
2023-03-30 14:34:17 +02:00
Simon McVittie
4914bc8a18 Use HEAD to refer to other projects' default branches in documentation
This makes the URL independent of the name they have chosen for their
default branches.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-02-13 21:06:50 +00:00
TomSweeneyRedHat
fade5ba881 Add Security Policy
As the title says

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2020-05-09 14:06:38 -04:00