containers/bubblewrap
Low-level unprivileged sandboxing tool used by Flatpak and similar projects
CNOASSERTION
Issues
- 3
make prctl(PR_SET_NO_NEW_PRIVS optional
#654 opened by hubert-tonneau - 1
Add a --not-a-security-boundary option
#653 opened by smcv - 28
bwrap processes not exiting cleanly under Linux 6.8 (likely kernel regression)
#620 opened by sang-shelton - 5
Bwrap seems to fail in any ARM64 installation
#651 opened by Whistlerone - 6
`--bind` can cause bwrap to fail during startup if it races with the mount table changing
#650 opened by artli - 1
Is there like a native C Library?
#626 opened by MarkusTieger - 4
Why it's not working ?
#649 opened by RENANZG - 1
Static analyzers see opt_args_data as leaked (but the leak is O(1) therefore not a real problem)
#639 opened by jmarrero - 8
- 6
Mount private information leakage
#631 opened by voidastro4 - 2
- 4
Broken for uid/gids >= 2^31
#642 opened by ethanbb - 2
Add --cgroup flag for mounting cgroups
#645 opened by georgyo-js - 4
- 3
[Simple question] Is Bwrap the simplest tool which can be used as file system isolation?
#643 opened by av930 - 8
- 2
slow python import
#638 opened by achsvg - 1
bubblewrap misuses CMSG_DATA() macro
#637 opened by mcatanzaro - 1
`--block-fd` does not work
#635 opened by M83tUt3 - 0
- 0
`--die-with-parent` fails to clean up due to a race condition if the parent bwrap process is killed soon after startup
#633 opened by artli - 4
`bwrap` broke on Ubuntu 24.04
#632 opened by smoelius - 6
- 3
Pass WINCH signal to child process
#573 opened by PhilipRoman - 4
not immediately obvious that `--file` can overwrite a file mounted rw from outside the container
#617 opened by the-sun-will-rise-tomorrow - 0
enhancement: --daemonize-with-child option
#614 opened by jonleivent - 3
- 7
Fails to build with meson 1.3.0 rc1 due to broken bash-completion handling
#609 opened by eli-schwartz - 1
Please specify the license in Github
#611 opened by o0nd7ots - 1
- 1
- 0
Overlayfs masking/whiteout layer
#601 opened by swick - 12
"pivot_root: Invalid argument" when running on a SLURM cluster node from NFS
#594 opened by dmikushin - 3
What is a proper way to have a regular user with sudo and root in container?
#593 opened by dmikushin - 2
Binding of joystick inside bubblewrap
#591 opened by ruanformigoni - 2
- 2
- 4
bwrap with --unshare-pid runs twice and leaves a zombie process when ran inside a docker container
#587 opened by laheau - 3
Question about Xwayland and python app.
#568 opened by BirdInFire - 3
- 6
- 2
does bubblewrap blocks syscall utimensat ?
#584 opened by toralf - 3
Microphone access (google-chrome, Ubuntu 22)
#582 opened by wonbug - 2
- 8
Build fails on Android using Clang 16 (termux)
#579 opened by orowith2os - 6
Unable to use pkexec in sandbox
#578 opened by pastaq - 6
Disable or configure properly uid|gid remapping.
#574 opened by donob4n - 0
--bind non-world-x path with --unshare-user
#570 opened by luke-jr - 0
--bind fails if directories above are not +rx
#569 opened by luke-jr - 3
$ORIGIN in RPATH doesn't seem to work properly
#565 opened by russelltg