Request: Option to Retain AppContainer Profile

[WildByDesign]

@fcharlie

Would you please be able to make it so that there is an option to retain the AppContainer profile?

There are a few examples of how to do this if the AppContainer profile exists:

RunAppContainer from zodiacon: https://github.com/zodiacon/RunAppContainer/blob/master/RunAppContainer/RunAppContainerDlg.cpp#L214-L217

LaunchAppContainer from Microsoft: https://github.com/microsoft/SandboxSecurityTools/blob/main/LaunchAppContainer/LaunchAppContainer/LaunchAppContainer.cpp#L222-L227

Also, Pavel (zodiacon) talks about containerName failing due to existing AC profile and how to use DeriveAppContainerSidFromAppContainerName to extract existing AC profile SID here (https://scorpiosoftware.net/2019/01/15/fun-with-appcontainers/).

If possible, it would be great it wsudo could have a command line flag (eg. -r) to retain AppContainer profile.

Thank you for your time.

[fcharlie]

I added an experimental flag, but it wasn't tested, if you can, please help me verify it

branch: master commit: e12349404747491354ccb4202bfe302e72de1379

[WildByDesign]

The Github Actions build was failing. So I just added the changes for wsudo.cc, wsudo.hpp, appcontainer.cc and exec.hpp to my local build for testing and that compiled properly. So I think it was the bela changes causing builds to fail.

I tested to make sure all previous AppContainer profile behavior is working good and there are no regressions.

I tested with the new --retain flag to make sure the AC profile is kept and that is working good as well.

So from all of my testing, this new change is working 100% with no regressions. I will close this issue now. Thank you so much.

Reminder: The README also needs to be updated to add the --retain flag under the wsudo options.