Closed WildByDesign closed 3 weeks ago
I added an experimental flag, but it wasn't tested, if you can, please help me verify it
branch: master commit: e12349404747491354ccb4202bfe302e72de1379
The Github Actions build was failing. So I just added the changes for wsudo.cc, wsudo.hpp, appcontainer.cc and exec.hpp
to my local build for testing and that compiled properly. So I think it was the bela
changes causing builds to fail.
I tested to make sure all previous AppContainer profile behavior is working good and there are no regressions.
I tested with the new --retain
flag to make sure the AC profile is kept and that is working good as well.
So from all of my testing, this new change is working 100% with no regressions. I will close this issue now. Thank you so much.
Reminder: The README also needs to be updated to add the --retain
flag under the wsudo options.
@fcharlie
Would you please be able to make it so that there is an option to retain the AppContainer profile?
There are a few examples of how to do this if the AppContainer profile exists:
RunAppContainer from zodiacon: https://github.com/zodiacon/RunAppContainer/blob/master/RunAppContainer/RunAppContainerDlg.cpp#L214-L217
LaunchAppContainer from Microsoft: https://github.com/microsoft/SandboxSecurityTools/blob/main/LaunchAppContainer/LaunchAppContainer/LaunchAppContainer.cpp#L222-L227
Also, Pavel (zodiacon) talks about
containerName
failing due to existing AC profile and how to useDeriveAppContainerSidFromAppContainerName
to extract existing AC profile SID here (https://scorpiosoftware.net/2019/01/15/fun-with-appcontainers/).If possible, it would be great it
wsudo
could have a command line flag (eg.-r
) to retain AppContainer profile.Thank you for your time.