bubblewrap: 0.4.0 -> 0.4.1

2020-04-25 14:24:30 +10:00 · 2020-04-25 14:24:30 +10:00 · 7d7b55fc55
commit 7d7b55fc55
parent b49e917dd5
3 changed files with 39 additions and 6 deletions
--- a/bubblewrap/.signature
+++ b/bubblewrap/.signature
@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/Y5i6pgKNk+NXzz25QJ/kTz0egSfkyt0gPidoVBnGjxzCIb15zbyS96nR3qbanwLomOlkKioXCdRMG8E0e9taAM=
-SHA256 (Pkgfile) = 100aa6567b27fbb0230bc7fb2dfaa7469a494a4c1a44943815e0a2202075b619
+RWSE3ohX2g5d/ZLDRGRcHYTJ6qkV7iyD2vjmrAAerYaxLf4yN8hsNDB/d488BIxLpZqcaFbC0SHEChmHCDcJSfW/4DiDAn2+igI=
+SHA256 (Pkgfile) = d07d70a08d4a8a86d47b7d6e06b5edc1e2bba37b7b74d6f5dd443b93185ab1f1
 SHA256 (.footprint) = e8c8c4e353f4c9362d89a9cf83126409af016d87c19ba0bbc568aeb0c0124038
-SHA256 (bubblewrap-0.4.0.tar.xz) = e5fe7d2f74bd7029b5306b0b70587cec31f74357739295e5276b4a3718712023
-SHA256 (bwrap.1) = 3fa7c99c1f98f838f8f22112b9950ee5377d7a084a63f1cadf24fe99e104a5dc
+SHA256 (bubblewrap-0.4.1.tar.xz) = b9c69b9b1c61a608f34325c8e1a495229bacf6e4a07cbb0c80cf7a814d7ccc03
+SHA256 (bwrap.1) = a9724fcf70fee82f975934d8f1201f6eab24fce5193613b0f196fbf92f25b8a1
--- a/bubblewrap/Pkgfile
+++ b/bubblewrap/Pkgfile
@ -5,7 +5,7 @@
 # Optional: docbook-xsl

 name=bubblewrap
-version=0.4.0
+version=0.4.1
 release=1
 source=(https://github.com/projectatomic/bubblewrap/releases/download/v$version/$name-$version.tar.xz
 	bwrap.1)
--- a/bubblewrap/bwrap.1
+++ b/bubblewrap/bwrap.1
@ -2,7 +2,7 @@
 .\"     Title: bwrap
 .\"    Author: Alexander Larsson
 .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
-.\"      Date: 09/22/2019
+.\"      Date: 04/25/2020
 .\"    Manual: User Commands
 .\"    Source: Project Atomic
 .\"  Language: English
@ -177,6 +177,39 @@ Options related to kernel namespaces:
 \fB\-\-unshare\-uts\fR
 \fB\-\-unshare\-cgroup\-try\fR

+    .RE
+    .PP
+\fB\-\-userns \fR\fBFD\fR
+.RS 4
+
+      
+      Use an existing user namespace instead of creating a new one\&. The namespace must fulfil the permission requirements for setns(), which generally means that it must be a decendant of the currently active user namespace, owned by the same user\&.
+.sp
+
+      This is incompatible with \-\-unshare\-user, and doesn\*(Aqt work in the setuid version of bubblewrap\&.
+
+    .RE
+    .PP
+\fB\-\-userns2 \fR\fBFD\fR
+.RS 4
+
+      
+      After setting up the new namespace, switch into the specified namespace\&. For this to work the specified namespace must be a decendant of the user namespace used for the setup, so this is only useful in combination with \-\-userns\&.
+.sp
+
+      This is useful because sometimes bubblewrap itself creates nested user namespaces (to work around some kernel issues) and \-\-userns2 can be used to enter these\&.
+
+    .RE
+    .PP
+\fB\-\-pidns \fR\fBFD\fR
+.RS 4
+
+      
+      Use an existing pid namespace instead of creating one\&. This is often used with \-\-userns, because the pid namespace must be owned by the same user namespace that bwrap uses\&.
+.sp
+
+      Note that this can be combined with \-\-unshare\-pid, and in that case it means that the sandbox will be in its own pid namespace, which is a child of the passed in one\&.
+
    .RE
    .PP
 \fB\-\-uid \fR\fBUID\fR