AUR (en) - bubblewrap-git

Search Criteria

Package Details: bubblewrap-git v0.3.1.r6.g94147e2-1

Git Clone URL:	https://aur.archlinux.org/bubblewrap-git.git (read-only, click to copy)
Package Base:	bubblewrap-git
Description:	Unprivileged sandboxing tool
Upstream URL:	https://github.com/projectatomic/bubblewrap
Keywords:	containers sandbox
Licenses:	LGPL
Conflicts:	bubblewrap
Provides:	bubblewrap
Submitter:	aperez
Maintainer:	None
Last Packager:	aperez
Votes:	4
Popularity:	0.000000
First Submitted:	2016-05-08 09:52 (UTC)
Last Updated:	2018-12-26 18:37 (UTC)

Git Clone URL:

https://aur.archlinux.org/bubblewrap-git.git (read-only, click to copy)

Package Base:

bubblewrap-git

Description:

Unprivileged sandboxing tool

Upstream URL:

https://github.com/projectatomic/bubblewrap

Keywords:

containers sandbox

Licenses:

LGPL

Conflicts:

bubblewrap

Provides:

bubblewrap

Submitter:

aperez

Maintainer:

None

Last Packager:

aperez

Votes:

Popularity:

0.000000

First Submitted:

2016-05-08 09:52 (UTC)

Last Updated:

2018-12-26 18:37 (UTC)

Dependencies (5)

autoconf (autoconf-git^AUR) (make)
automake (automake-git^AUR) (make)
docbook-xsl (make)
git (git-git^AUR) (make)
libxslt (libxslt-git^AUR) (make)

Required by (48)

abuild (requires bubblewrap)
amber-ce-bookworm (requires bubblewrap)
bubblejail (requires bubblewrap)
bubblejail-git (requires bubblewrap)
buildbox-run-bubblewrap (requires bubblewrap)
buildstream-devel (requires bubblewrap)
buildstream-git (requires bubblewrap)
cn.flamescion.bookworm-compatibility-mode (requires bubblewrap)
electronic-wechat-uos-bin (requires bubblewrap)
factorio-desktop (requires bubblewrap)
flatpak-git (requires bubblewrap)
gnome-desktop-common-git (requires bubblewrap)
lilac-git (requires bubblewrap)
linuxqq-nt-bwrap (requires bubblewrap)
mailmaster-bin (requires bubblewrap)
mat2-git (requires bubblewrap) (optional)
mkosi-git (requires bubblewrap)
ocaml-ssl (requires bubblewrap) (make)
opam-git (requires bubblewrap)
opengamepadui-bin (requires bubblewrap) (optional)
Show 28 more...

Sources (1)

bubblewrap-git

Latest Comments

« First ‹ Previous 1 2

yawning commented on 2016-10-09 04:20 (UTC)

@aperez: TLDR: * USER_NS should use `--with-priv-mode=none`. * Non-USER_NS should use `--with-priv-mode=caps`. The reason why the package was broken on non-USER_NS kernels previously was because the capabilities granted in the `post_install()` were wrong/insufficient (because upstream changed the requirements), not because the binary needs to be SUID root. USER_NS removes the need for any elevated privileges as well. The upstream commit that broke the `post_install()` setcap directive was e0a07f4de70acb27d95bae69e27e42e5941e5873 , though as of your latest commit it's now correct.

aperez commented on 2016-09-22 09:01 (UTC)

@Pelzflorian: You're welcome! Let's hope USER_NS is enabled at some point in the default kernels, as more and more tools are likely to make use of it. I need it myself for Vagga, and adoption of things like Flatpak are probably going to push distributions to have the option enabled by default :-)

Pelzflorian commented on 2016-09-22 05:51 (UTC)

Thank you :) . Since this is an AUR package, build time checks seem OK.

aperez commented on 2016-09-22 02:18 (UTC)

@Pelzflorian: I have changed the PKGBUILD. If the running kernel does not have CONFIG_USER_NS enabled (user namespaces), then --with-priv-mode=setuid is passed to the configure script. Otherwise, if user namespaces are available use --with-priv-mode=caps.

Pelzflorian commented on 2016-09-19 05:14 (UTC)

Default Arch kernels do not support user namespaces (bug FS#36969), so on a default kernel, this should be configured with --with-priv-mode=setuid, in which case it also does not need the install file. If you want to keep using user namespaces (for non-default kernels), you or I could make a separate bubblewrap-setuid package for default kernels.