projectatomic/bubblewrap
1
0
Fork 0
mirror of https://github.com/projectatomic/bubblewrap.git synced 2026-02-06 00:45:49 +01:00
Code Issues Releases Activity

Commit Graph

  • c33f351286 tests: Correct number of tests in test-run.sh Philip Withnall 2017-10-10 11:55:41 +01:00
  • b3fe1718b6 Release 0.2.0 v0.2.0 Colin Walters 2017-10-06 13:47:05 -04:00
  • 53e25a2e8a bash completion: add --new-session Vasya Novikov 2017-10-08 23:17:05 +03:00
  • 495efec743 bash completion: fix code style Vasya Novikov 2017-10-08 23:06:08 +03:00
  • 7265e0351d bash completion: remove duplicates Vasya Novikov 2017-10-08 23:05:26 +03:00
  • c09c1e5307 Prefix error messages with program name Vladimir Panteleev 2017-10-08 06:56:09 +00:00
  • 27eb690508 Avoid leaking --args-fd to child process Colin Walters 2017-10-01 08:56:28 -07:00
  • a4e7fe91fb add --unshare-all completion Vasya Novikov 2017-10-06 20:07:17 +03:00
  • 1d1988f0e9 tests: Fix a race condition between attempts to lock a file Simon McVittie 2017-10-06 16:58:34 +01:00
  • 062e55e551 tests: Add basic test coverage for --args Simon McVittie 2017-10-06 17:25:50 +01:00
  • 5695868459 Partially revert "bubblewrap: Fix a minor memory leak in --args handling" Simon McVittie 2017-10-06 17:29:11 +01:00
  • dbcbcdf4f5 tests: Ensure non-root users have access to libcap tools Simon McVittie 2017-10-06 16:15:57 +01:00
  • 3983c1c34d tests: Produce finer-grained TAP output Simon McVittie 2017-10-06 16:53:51 +01:00
  • 6ea0642ac9 tests: Interpret stdout as TAP syntax Simon McVittie 2017-10-06 16:32:29 +01:00
  • 6d82e00088 tests: Send diagnostics to stderr Simon McVittie 2017-10-06 16:23:32 +01:00
  • f05af94c93 tests: Improve diagnostics if non-root caps test fails Simon McVittie 2017-10-06 16:19:10 +01:00
  • e54e798b2b tests: Don't write to predictable filenames in /tmp Simon McVittie 2017-10-06 16:17:17 +01:00
  • 6ddebeedb1 acquire_privs: Cosmetic change to reduce indentation Marcos Paulo de Souza 2017-09-25 23:01:54 -03:00
  • 5b91b3429d bubblewrap.c: Fix typo secomp -> seccomp in drop_all_caps Marcos Paulo de Souza 2017-09-25 23:19:38 -03:00
  • 4766393268 bubblewrap: Remove not needed MS_MGC_VAL mount flag Marcos Paulo de Souza 2017-09-25 23:27:29 -03:00
  • e98443065f With --dev, add /dev/fd and /dev/core symlinks Colin Walters 2017-08-08 21:05:05 -04:00
  • ec5093d57d bubblewrap: check for max_user_namespaces == 0 Tristan Cacqueray 2017-09-15 21:52:40 +00:00
  • 8ee3ca50e7 Distribute test helper library Simon McVittie 2017-08-29 14:48:14 +01:00
  • 40b3468782 main: Fix typo, tweak command line argument descriptions Colin Walters 2017-08-24 09:17:03 -04:00
  • 5276f816ea bubblewrap: Add various assertions on SetupOp handling Philip Withnall 2017-08-15 12:13:25 +01:00
  • bad354c5e0 bubblewrap: Close FDs on exiting PID 1 Philip Withnall 2017-08-15 12:11:57 +01:00
  • 4b8fa95704 bubblewrap: Fix a minor memory leak in --args handling Philip Withnall 2017-08-15 12:11:04 +01:00
  • f65f918967 bubblewrap: Improve const-correctness of argv handling Philip Withnall 2017-08-15 12:10:09 +01:00
  • abc5664456 Retain all caps when invoked by uid 0, work around systemd seccomp filter Colin Walters 2017-08-08 20:53:31 +00:00
  • b9c564dbe0 README.md: Delete cat logo picture (not DFSG compliant) Colin Walters 2017-08-08 17:26:23 -04:00
  • e745b94997 tests: Import libtest-core.sh from ostree Colin Walters 2017-06-30 15:42:20 -04:00
  • 9c0753aa5a ci: rename files to new name and bump to f26 Jonathan Lebon 2017-07-27 09:43:49 -07:00
  • 8f3f0abe76 README.md: add bwrap-oci to the list of users Giuseppe Scrivano 2017-07-12 10:28:24 +02:00
  • 215aa3eec9 tests: add tests for --cap-add Giuseppe Scrivano 2017-06-29 18:34:40 +02:00
  • cde7fab7ec bubblewrap: do not always leave caps in the unprivileged case Giuseppe Scrivano 2017-06-29 14:26:55 +02:00
  • e4cd0e2eaa bubblewrap.c: fix typo Giuseppe Scrivano 2017-06-29 14:52:02 +02:00
  • 0bffcf1679 demos: add demo userns-block-fd.py Giuseppe Scrivano 2017-06-21 16:47:05 +02:00
  • 6724b418e9 bubblewrap: add option --userns-block-fd Giuseppe Scrivano 2017-06-21 16:09:54 +02:00
  • 71660f4101 bubblewrap: add --cap-add and --cap-drop Giuseppe Scrivano 2016-09-23 16:09:30 +02:00
  • a4709b6547 Merge pull request #196 from giuseppe/no-reaper Alexander Larsson 2017-06-13 22:20:14 +02:00
  • 6e778109aa bubblewrap: add --as-pid-1 Giuseppe Scrivano 2016-09-23 14:44:36 +02:00
  • 6ef45aae77 main: Squash a -Wunused-result error, enable FORTIFY_SOURCE in CI Colin Walters 2017-03-28 13:19:43 -04:00
  • b8e6e1159e demos/shell: Use --die-with-parent Colin Walters 2017-03-28 12:17:36 -04:00
  • 30548332a7 Release 0.1.8 v0.1.8 Colin Walters 2017-03-28 10:22:07 -04:00
  • 1a710dc818 main: Parse --version early before acquiring capabilities Colin Walters 2017-03-28 10:13:08 -04:00
  • 76f9460298 test-run.sh: fix the path for the usage string Giuseppe Scrivano 2017-03-01 11:04:56 +01:00
  • b6370de0fc Add --die-with-parent Marek Jarycki 2017-01-25 16:40:49 +01:00
  • 3b51f38262 Ignore missing sysrq-trigger file Tristan Cacqueray 2017-02-19 04:47:53 +00:00
  • 06e9091570 README: update references to runC Aleksa Sarai 2016-07-19 22:50:30 +10:00
  • 36f590c218 Correctly validate remount-ro argument Aidan Hobson Sayers 2017-02-08 00:20:06 +00:00
  • 8cafdf97bb Remove privileged_op flags that are never used Aidan Hobson Sayers 2017-02-07 14:07:34 +00:00
  • a2ceebb38c Ignore EPERM when dropping caps from bounding set Mario Sanchez Prada 2017-02-06 20:28:49 +00:00
  • a27841ed09 ci: Disable ASAN leak checking Colin Walters 2017-01-27 05:44:34 -05:00
  • e3a3f1567a tests: Fold test-basic.sh into test-run.sh Colin Walters 2017-01-23 15:32:16 -05:00
  • e605e2d255 Be more informative if loopback setup fails Colin Walters 2017-01-25 12:56:02 -05:00
  • a26b09ae8c ci: Revamp to actually run the tests Colin Walters 2017-01-20 15:30:21 -05:00
  • 35f2f8e916 tests: Use --unshare-user-try Colin Walters 2017-01-22 10:05:40 -05:00
  • 6388977429 Added --unshare-all to manpage valoq 2017-01-21 09:57:20 +01:00
  • c3a8858ec7 Add --require-userns build option for setuid mode valoq 2017-01-20 04:32:40 +01:00
  • 3032e8c134 build: Remove unbalanced ) in help message Colin Walters 2017-01-20 11:42:55 -05:00
  • 5dec838ba8 Bump version to 0.1.7 v0.1.7 Alexander Larsson 2017-01-18 15:49:50 +01:00
  • ad4a7293f4 Add --unshare-all and --share-net Colin Walters 2017-01-16 17:29:27 -05:00
  • 589666f851 Install seccomp filter at the very end Alexander Larsson 2017-01-17 16:08:41 +01:00
  • c93370a4a5 Call setsid() and setexeccon() befor forking the init monitor Alexander Larsson 2017-01-17 15:58:28 +01:00
  • a6e15164f9 demos/bubblewrap-shell.sh: Unshare all namespaces Alexander Larsson 2017-01-17 12:39:36 +01:00
  • 06a7f31fe4 Make the call to setsid() optional, with --new-session Alexander Larsson 2017-01-17 12:36:52 +01:00
  • 78ed9182c6 ci: Combine ASAN and UBSAN Colin Walters 2017-01-16 16:49:29 -05:00
  • b35f84a331 Clear capability bounding set Alexander Larsson 2017-01-13 09:44:28 +01:00
  • 49bfd4c49e Handle inherited children dying Alexander Larsson 2017-01-12 21:49:37 +01:00
  • 333215bf83 Release 0.1.6 Colin Walters 2017-01-10 10:16:12 -05:00
  • e8e47a9dd4 demo/shell: Add /var/tmp compat symlink, tweak PS1, add more docs Colin Walters 2017-01-05 09:44:09 -05:00
  • 9d368eece4 man: Correct namespace user -> mount Colin Walters 2017-01-09 14:52:29 -05:00
  • 9f6076ddf2 Release 0.1.6 v0.1.6 Colin Walters 2017-01-10 10:16:12 -05:00
  • d7fc532c42 Call setsid() before executing sandboxed code (CVE-2017-5226) Simon McVittie 2017-01-09 17:46:07 +00:00
  • a10af855ab Bump version to 0.1.5 v0.1.5 Alexander Larsson 2016-12-19 10:19:53 +01:00
  • 166e76e736 bind-mount: Check for errors in realpath() Alexander Larsson 2016-12-13 13:56:23 +01:00
  • e769cf9f43 build: Sync default warning -> error set from ostree Colin Walters 2016-12-07 16:55:19 -05:00
  • 821ee95e6d utils: Add __attribute__((printf)) to die() Colin Walters 2016-12-07 17:00:55 -05:00
  • 3a5c701988 README.md: Update with better one liner and more information Colin Walters 2016-12-07 16:13:56 -05:00
  • a18875346d ci: Modernize a bit, add f25-ubsan Colin Walters 2016-12-06 16:13:43 -05:00
  • 2a408e8cc6 Only --unshare-user automatically if we're not root Colin Walters 2016-12-05 15:38:22 -05:00
  • 4a92ad1ee0 Don't call capset() unless we need to Colin Walters 2016-12-01 12:45:29 -05:00
  • 9dfc638503 Fix incorrect nesting of backticks when finding a FUSE mount Simon McVittie 2016-11-29 11:16:12 +00:00
  • 3e659884a2 Adapt tests so they can be run against installed binaries Simon McVittie 2016-11-29 10:16:30 +00:00
  • 21c67366b4 test-run: don't assume we are uid 1000 Simon McVittie 2016-11-29 10:17:05 +00:00
  • 7c8d421d09 test-run: be a bash script Simon McVittie 2016-11-29 10:15:16 +00:00
  • 59f8947054 Release 0.1.4 v0.1.4 Alexander Larsson 2016-11-29 09:08:21 +01:00
  • 80a8deac55 Fix make dist Alexander Larsson 2016-11-29 09:10:51 +01:00
  • 4a1418d336 bind-mount: Fix issue when destination of mount is in a symlink Alexander Larsson 2016-11-22 11:43:56 +01:00
  • 24e6337e04 tests/test-run.sh: Add some more tests that now work Alexander Larsson 2016-11-10 21:03:38 +01:00
  • fce7a336cc bind-mounts: Fix handling of covered mountpoints Alexander Larsson 2016-11-10 20:50:53 +01:00
  • c9c5dda3e1 utils: Add path_equal() Alexander Larsson 2016-11-10 20:37:08 +01:00
  • d6dcdde1b9 bubblewrap: do not leave zombie process Giuseppe Scrivano 2016-10-26 12:22:34 +02:00
  • 486001723f bwrap: fix typos Giuseppe Scrivano 2016-11-10 14:48:28 +01:00
  • 4f715997bc bwrap: setuid to the sandbox uid Giuseppe Scrivano 2016-11-10 12:19:35 +01:00
  • b48c129368 Work around user-namespaces allowing ptrace Alexander Larsson 2016-11-08 15:17:28 +01:00
  • aedd6136b7 Completely drop setcaps codepaths in favour of setuid Alexander Larsson 2016-11-07 10:33:28 +01:00
  • d43752a2ef Add test with basic running operations Alexander Larsson 2016-11-09 13:48:54 +01:00
  • 374d1b6c7a build: Dist bwrap.xml in tarball Colin Walters 2016-11-05 09:38:21 -04:00
  • 10bafea007 Priv-sep: Don't trust client args for REMOUNT_RO_NO_RECURSIVE Alexander Larsson 2016-11-07 12:42:38 +01:00