-
Can we have PID 1 using PID namespace? `unshare()` does it but requires root.
-
One of the workshop's prerequisites is familiarity with the os module.
Add slide(s) with usage example for: path.join, makedirs, unshare, symlink, fork, waitpid, execv, etc.
-
### Describe the bug
The compiler crashes without a helpful error message when running inside a Linux control-groups-based sandbox (specifically, [isolate](https://github.com/ioi/isolate)).
### To…
-
Currently the system calls require root privileges to access, but ideally the program should not force the user to explicitly call sudo or otherwise establish root privileges to run.
-
#### What happened:
I was installing SPO and trying the AppArmor support on a GKE cluster with COS(Container-Optimized OS) nodes.
I applied the profile with
`kubectl apply -f https://raw.githu…
-
When root, it's not necessary to --unshare-user to be able to change uid/gid, so bubblewrap shouldn't require it.
-
If already in a user namespace, a regular user can have all the required permissions necessary for bubblewrap to function correctly. Hence bubblewrap shouldn't implicitly enable --unshare-user when no…
-
I've been troubleshooting some issues executing into a running container and as I tried comparing with `runc`, I noticed it worked as I expected it.
Here's the setup procedure I have for my test:
…
-
1. Fix the HEK layout finally for once and forever, similar to the recent `struct padname_with_str` hack.
2. or fix it case by case by adding free/unshare_hek workarounds or fix the refcounts
hv.h ha…
-
Hey, I just found about this project recently, and it seems pretty cool. I was going through the docs, and your blog post of this, and it states that currently this only detects leaky tests which forw…