From 7d7b55fc55ff53be94d39dfb1abb2b972e92d2d6 Mon Sep 17 00:00:00 2001
From: Danny Rawlins
Date: Sat, 25 Apr 2020 14:24:30 +1000
Subject: [PATCH] bubblewrap: 0.4.0 -> 0.4.1
---
 bubblewrap/.signature | 8 ++++----
 bubblewrap/Pkgfile | 2 +-
 bubblewrap/bwrap.1 | 35 ++++++++++++++++++++++++++++++++++-
 3 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/bubblewrap/.signature b/bubblewrap/.signature
index b2b68e0da..c2df2add2 100644
--- a/bubblewrap/.signature
+++ b/bubblewrap/.signature
@@ -1,6 +1,6 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/Y5i6pgKNk+NXzz25QJ/kTz0egSfkyt0gPidoVBnGjxzCIb15zbyS96nR3qbanwLomOlkKioXCdRMG8E0e9taAM=
-SHA256 (Pkgfile) = 100aa6567b27fbb0230bc7fb2dfaa7469a494a4c1a44943815e0a2202075b619
+RWSE3ohX2g5d/ZLDRGRcHYTJ6qkV7iyD2vjmrAAerYaxLf4yN8hsNDB/d488BIxLpZqcaFbC0SHEChmHCDcJSfW/4DiDAn2+igI=
+SHA256 (Pkgfile) = d07d70a08d4a8a86d47b7d6e06b5edc1e2bba37b7b74d6f5dd443b93185ab1f1
 SHA256 (.footprint) = e8c8c4e353f4c9362d89a9cf83126409af016d87c19ba0bbc568aeb0c0124038
-SHA256 (bubblewrap-0.4.0.tar.xz) = e5fe7d2f74bd7029b5306b0b70587cec31f74357739295e5276b4a3718712023
-SHA256 (bwrap.1) = 3fa7c99c1f98f838f8f22112b9950ee5377d7a084a63f1cadf24fe99e104a5dc
+SHA256 (bubblewrap-0.4.1.tar.xz) = b9c69b9b1c61a608f34325c8e1a495229bacf6e4a07cbb0c80cf7a814d7ccc03
+SHA256 (bwrap.1) = a9724fcf70fee82f975934d8f1201f6eab24fce5193613b0f196fbf92f25b8a1
diff --git a/bubblewrap/Pkgfile b/bubblewrap/Pkgfile
index 3308710fd..5d2aea8b0 100644
--- a/bubblewrap/Pkgfile
+++ b/bubblewrap/Pkgfile
@@ -5,7 +5,7 @@
 # Optional: docbook-xsl
 name=bubblewrap
-version=0.4.0
+version=0.4.1
 release=1
 source=(https://github.com/projectatomic/bubblewrap/releases/download/v$version/$name-$version.tar.xz bwrap.1)
diff --git a/bubblewrap/bwrap.1 b/bubblewrap/bwrap.1
index 7b5c27de0..d88e4afd3 100644
--- a/bubblewrap/bwrap.1
+++ b/bubblewrap/bwrap.1
@@ -2,7 +2,7 @@
 .\" Title: bwrap
 .\" Author: Alexander Larsson
 .\" Generator: DocBook XSL Stylesheets vsnapshot
-.\" Date: 09/22/2019
+.\" Date: 04/25/2020
 .\" Manual: User Commands
 .\" Source: Project Atomic
 .\" Language: English
@@ -177,6 +177,39 @@ Options related to kernel namespaces: \fB\-\-unshare\-uts\fR \fB\-\-unshare\-cgroup\-try\fR
+ .RE
+ .PP
+\fB\-\-userns \fR\fBFD\fR
+.RS 4
+
+
+ Use an existing user namespace instead of creating a new one\&. The namespace must fulfil the permission requirements for setns(), which generally means that it must be a decendant of the currently active user namespace, owned by the same user\&.
+.sp
+
+ This is incompatible with \-\-unshare\-user, and doesn\*(Aqt work in the setuid version of bubblewrap\&.
+
+ .RE
+ .PP
+\fB\-\-userns2 \fR\fBFD\fR
+.RS 4
+
+
+ After setting up the new namespace, switch into the specified namespace\&. For this to work the specified namespace must be a decendant of the user namespace used for the setup, so this is only useful in combination with \-\-userns\&.
+.sp
+
+ This is useful because sometimes bubblewrap itself creates nested user namespaces (to work around some kernel issues) and \-\-userns2 can be used to enter these\&.
+
+ .RE
+ .PP
+\fB\-\-pidns \fR\fBFD\fR
+.RS 4
+
+
+ Use an existing pid namespace instead of creating one\&. This is often used with \-\-userns, because the pid namespace must be owned by the same user namespace that bwrap uses\&.
+.sp
+
+ Note that this can be combined with \-\-unshare\-pid, and in that case it means that the sandbox will be in its own pid namespace, which is a child of the passed in one\&.
+
 .RE
 .PP
 \fB\-\-uid \fR\fBUID\fR