projectatomic/bubblewrap
1
0
Fork 0
mirror of https://github.com/projectatomic/bubblewrap.git synced 2026-02-06 00:45:49 +01:00
Code Issues Releases Activity

Commit Graph

  • cfa39516c8 Merge pull request #405 from smcv/create-mountpoint-ro Colin Walters 2021-04-16 09:16:58 -04:00
  • 411135b279 Create files as mount points with read-only permissions Simon McVittie 2021-02-16 10:44:34 +00:00
  • 6db33cdcb2 Fix --cap-add and --cap-drop completions Harald Kubota 2021-03-12 21:23:04 +09:00
  • 741f371e22 Add zsh completion Harald Kubota 2021-03-12 21:10:06 +09:00
  • e1b11e6592 Merge pull request #408 from giuseppe/fix-man-page Colin Walters 2021-02-22 12:54:31 -05:00
  • 4af205a7f1 bwrap.xml: clarify BPF variant Giuseppe Scrivano 2021-02-22 17:01:58 +01:00
  • 04c0ca17ad Add support for bind-mount on case-insensitive filesystems Ludovico de Nittis 2021-02-16 13:46:10 +01:00
  • 81af7d7d0e ensure pkg-config is found Jonas Jelten 2020-02-29 20:04:28 +01:00
  • bae85baf72 Merge pull request #389 from mwleeds/fix-op-shadow Alexander Larsson 2020-09-14 10:34:16 +02:00
  • a6f02a3043 Fix shadow of previous local Phaedrus Leeds 2020-09-11 21:07:17 -07:00
  • 4e310cadf6 Merge pull request #386 from juergbi/proc-erofs Colin Walters 2020-08-25 11:48:33 -04:00
  • 4f76b9e421 Merge pull request #383 from TimothyEBaldwin/fixtest Colin Walters 2020-08-25 11:28:55 -04:00
  • 4c35d7a5f9 Accept EROFS for access() check of /proc entries Jürg Billeter 2020-08-18 17:33:49 +02:00
  • 598e586c91 Fix Test - $BWRAP is inaccessable when run sudo root Timothy E Baldwin 2020-07-30 19:42:28 +01:00
  • 2564824e10 Fix Test - /proc mismatches pid namespace Timothy E Baldwin 2020-07-30 19:42:28 +01:00
  • af30473596 Merge pull request #379 from smcv/no-new-typos Colin Walters 2020-05-23 11:08:33 -04:00
  • e8f67bc6c9 Correct name of PR_SET_NO_NEW_PRIVS in error message Simon McVittie 2020-05-23 15:33:20 +01:00
  • a9700fa13c Merge pull request #374 from TomSweeneyRedHat/sec Colin Walters 2020-05-19 14:42:14 -04:00
  • 04ad0edef0 Merge branch 'master' into sec Colin Walters 2020-05-19 14:42:02 -04:00
  • 4e9e6f7ee4 Merge pull request #377 from cgwalters/silence-is-golden Colin Walters 2020-05-19 08:21:05 -04:00
  • 765dd0e94f Add MS_SILENT to most mount() invocations Colin Walters 2020-05-18 21:20:43 +00:00
  • fade5ba881 Add Security Policy TomSweeneyRedHat 2020-05-09 14:04:44 -04:00
  • 5feb64dc60 Bump version to 0.4.1 v0.4.1 Alexander Larsson 2020-03-30 15:10:44 +02:00
  • 1f7e2ad948 Merge pull request from GHSA-j2qp-rvxj-43vj Alexander Larsson 2020-03-30 15:08:41 +02:00
  • 38dd7e4bb8 Merge pull request #354 from ckastner/master Alexander Larsson 2020-03-30 12:46:53 +02:00
  • 6f815ceead drop_privs: More explicit argument name Alexander Larsson 2020-03-30 12:31:36 +02:00
  • 61955e933d Don't support --userns2 in setuid mode Alexander Larsson 2020-03-27 08:28:26 +01:00
  • 5404a15d34 Don't rely on geteuid() to know when to switch back from setuid root Alexander Larsson 2020-03-26 15:36:44 +01:00
  • 3ace81ca07 Merge pull request #351 from containers/drop-cap-bounding-set-2 Alexander Larsson 2020-03-16 14:18:07 +01:00
  • 8b170a9a91 tests: Update output patterns for libcap >= 2.29 Christian Kastner 2020-02-19 10:03:05 +01:00
  • a9556223de Ensure we're always clearing the cap bounding set drop-cap-bounding-set-2 Alexander Larsson 2020-02-17 09:08:38 +01:00
  • 8e27bbbde7 Merge pull request #347 from TomSweeneyRedHat/coc Alexander Larsson 2020-02-10 20:26:48 +01:00
  • 515a1b120b Add Code of Conduct TomSweeneyRedHat 2020-02-08 15:40:04 -05:00
  • bd3e8e6690 retcode: fix return code with syncfd and no event_fd auto Jean-Baptiste BESNARD 2019-08-01 17:43:35 +02:00
  • 5a3818e742 retcode: fix return code with syncfd and no event_fd homu-tmp Jean-Baptiste BESNARD 2019-08-01 17:43:35 +02:00
  • a744bda314 Use python3 for userns-block-fd.py Martin Krajnak 2020-01-17 14:40:05 +01:00
  • 086a250655 tests: Use python3 for lockf-n.py Martin Krajnak 2020-01-17 12:11:15 +01:00
  • 320c0a442c Bump 0.4.0 v0.4.0 Alexander Larsson 2019-11-27 13:36:24 +01:00
  • ff533b84d0 Merge pull request #338 from containers/reuse-namespaces Alexander Larsson 2019-11-27 13:33:42 +01:00
  • 7a8e3de7e0 --userns --uid: Only swtich user if needed reuse-namespaces Alexander Larsson 2019-11-27 12:10:09 +01:00
  • 86e16d7aaa tests: Fix --userns tests Alexander Larsson 2019-11-27 09:49:55 +01:00
  • e9980e36fc Allow --uid and --gid with --userns Alexander Larsson 2019-11-27 09:33:52 +01:00
  • d3c1c74c97 Drop cap bounding set also in --userns case Alexander Larsson 2019-11-27 09:25:25 +01:00
  • 3993653556 Fix typo in comment Alexander Larsson 2019-11-26 13:41:42 +01:00
  • 3e5fe1bfba tests: Better error message if assert_files_equal fails Alexander Larsson 2019-11-26 09:25:15 +01:00
  • 1402b0c41b Add tests for --pidns Alexander Larsson 2019-11-22 11:21:07 +01:00
  • 46c7f1cca5 Add support for --pidns Alexander Larsson 2019-11-21 16:56:15 +01:00
  • 4a7ecc630f utils: Add fork_intermediate_child() helper Alexander Larsson 2019-11-21 16:54:06 +01:00
  • d068ec2bfa utils: Add some utility function to pass pids over a socket Alexander Larsson 2019-11-21 16:53:15 +01:00
  • c5c999a750 tests: test --userns Alexander Larsson 2019-11-21 16:45:21 +01:00
  • 75c2d94de8 Add support for --userns and --userns2 Alexander Larsson 2019-11-21 15:30:03 +01:00
  • 23d3b63924 Mark init process as dumpable so we can see stuff in its /proc Alexander Larsson 2019-11-21 18:29:51 +01:00
  • f9f6127474 setuid mode: Properly drop privs in monitor and pid1 Alexander Larsson 2019-11-21 18:25:35 +01:00
  • 2b01f06535 Tests: Fix test count Alexander Larsson 2019-11-21 15:39:30 +01:00
  • 300da62ab6 Add work-around for TEMP_FAILURE_RETRY to support musl shawrkbait 2018-10-08 14:24:05 -05:00
  • 93047df605 tests: check namespace info in json Christian Kellner 2019-09-05 18:10:49 +02:00
  • cfe409efbf bwrap: include the pid namespace id in status/json Christian Kellner 2019-06-27 11:32:30 +02:00
  • 5a76f51dc6 bwrap: set opt_unshare_cgroup when _try succeeds Christian Kellner 2019-06-27 16:05:43 +02:00
  • c0d6b4b27d ci: Bump to fedora/29/atomic Jonathan Lebon 2019-09-06 11:57:42 -04:00
  • 5e932e4f5b Post-release version bump Colin Walters 2019-05-01 08:53:59 +00:00
  • bc13e228d1 Bump to 0.3.3 v0.3.3 Colin Walters 2019-05-01 08:51:47 +00:00
  • 8f457ee286 tests: Ensure that tmpfs with oldroot/newroot doesn't appear in container v0.3.2 Simon McVittie 2019-03-05 08:36:55 +00:00
  • efc89e3b93 Don't create our own temporary mount point for pivot_root Simon McVittie 2019-03-02 12:09:03 +00:00
  • 1622673a4d Print "Out of memory" on stderr, not stdout Jakub Wilk 2019-02-26 18:11:31 +01:00
  • cc44544f8c Fix typos Jakub Wilk 2019-02-26 17:59:23 +01:00
  • 94147e233f bwrap: Report COMMAND exit code in json-status-fd Richard Maw 2018-10-03 17:15:37 +01:00
  • f6acd3551e bwrap: add option json-status-fd to show child exit code Richard Maw 2018-09-24 13:17:51 +01:00
  • 8fc5a96b3e Revert "README.md: Delete cat logo picture (not DFSG compliant)" Richard Maw 2018-10-04 13:47:35 +01:00
  • 5739fa370f Make lockdata long enough on 32-bit with 64-bit file pointers. Timothy E Baldwin 2018-09-01 21:37:15 +01:00
  • 591b9dd90f man page: Describe --chdir, not nonexistent --cwd Simon McVittie 2018-10-01 10:39:39 +01:00
  • 0148dd34bb tests: Handle systems without merged-/usr Iain Lane 2018-09-28 11:39:47 +01:00
  • 6054b54fd8 WSL: Disable network namespaces wip/WSL Alexander Larsson 2018-09-17 09:33:20 +01:00
  • 9dc34989c6 WSL: Disable read-only bind mount Alexander Larsson 2018-09-17 09:22:48 +01:00
  • e62e956643 WSL: Enforce uid/gid for tmpfs Alexander Larsson 2018-09-14 15:47:27 +01:00
  • 37cba1851b WSL: Handle missing standard /dev nodes Alexander Larsson 2018-09-14 15:11:40 +01:00
  • 088c24d1d5 WSL: Don't fail if MS_SLAVE not working Alexander Larsson 2018-09-14 11:21:21 +01:00
  • e7b517f409 Post-release version bump to 0.3.1 v0.3.1 Alexander Larsson 2018-08-09 15:21:44 +02:00
  • d3515d80d4 Add --bind-try options Patrick Griffis 2018-08-06 12:52:41 -04:00
  • 62e42c971f Fix doc typo Closes: #280 Approved by: cgwalters chocolateboy 2018-07-26 10:35:43 +01:00
  • b3906bbf1a Use "tmpfs" instead of empty string for mount Colin Walters 2018-07-12 21:35:53 +00:00
  • ace88fca7a Release 0.3.0 v0.3.0 Colin Walters 2018-07-11 10:13:24 -04:00
  • 2105ff8ba4 Fix leak detected by LSan/ASan Olivier Blin 2018-06-07 10:55:34 +02:00
  • 5991dab74b ci: Update to FAH27 Colin Walters 2018-04-26 17:05:45 -04:00
  • ed9e9293d5 Add --close-fd argument create-socket Alexander Larsson 2018-05-14 18:03:48 +02:00
  • 00100eebe3 Add support for --socket FD PATH Alexander Larsson 2018-05-14 17:27:12 +02:00
  • 56609f8647 bwrap, pivot_root: do not require write access to the rootfs Giuseppe Scrivano 2018-04-23 16:54:29 +02:00
  • 04a212062b bwrap: do not always make /proc/{sys,sysrq-trigger,irq} ro Giuseppe Scrivano 2018-02-23 12:52:02 +01:00
  • 3ce7c8281f Use pivot_root() instead of chroot() for final root Colin Walters 2017-06-22 14:31:37 -04:00
  • fbee75d551 Add "--" pseudo-argument to end option parsing Simon McVittie 2017-09-22 14:31:36 +01:00
  • 5f27455af6 Release 0.2.1 v0.2.1 Alexander Larsson 2018-04-06 16:55:29 +02:00
  • 1e90a18a08 Don't rely on mkdir returning EEXISTS (fixing NFS) Alexander Larsson 2018-03-14 15:22:12 +01:00
  • 3c488585bd userns-block-fd: Add support for Python 3 Simon McVittie 2017-10-31 15:27:43 +00:00
  • b8fa270e89 userns-block-fd: Search the PATH for bwrap Simon McVittie 2017-10-31 15:21:37 +00:00
  • 30338c3f0d userns-block-fd: Search $PATH for python Simon McVittie 2017-10-31 15:20:49 +00:00
  • 4ff4c9286f README.md: Remove double dots Marcos Paulo de Souza 2017-10-30 21:38:05 -02:00
  • 4dbc7e7490 Remove O_RDONLY flag when O_PATH is used Marcos Paulo de Souza 2017-10-30 00:00:17 -02:00
  • cfedbcd888 bubblewrap: Do not leak FDs dedicated to setup_newroot Mickaël Salaün 2017-10-29 13:19:10 +01:00
  • 2735a0a72c Skip prctl(PR_CAP_AMBIENT) if PR_CAP_AMBIENT isn't defined Simon McVittie 2017-10-27 16:50:47 +01:00
  • 1c775f43e6 build: Include various interesting files in tarballs Simon McVittie 2017-10-09 16:54:43 +01:00
  • 96fee6f4f7 bwrap: Second attempt at fixing an argv handling leak Philip Withnall 2017-10-10 11:56:17 +01:00