forked from pool/bubblewrap
70c655d237
- update to version 0.3.1:
  * New feature in this release is --bind-try (as well as --dev-bind-try and --ro-bind-try) which works like the regular versions if the source exists, but does nothing if it doesn't exist.
  * The mount type for the root tmpfs was also changed to "tmpfs" instead of being empty, as the latter could cause problems with some programs when parsing the mountinfo files in /proc.
  * The biggest feature from this release is that bwrap now supports being invoked recursively (from other container runtimes such as Docker/podman/runc as well as bwrap itself) when user namespaces are enabled, and the outer container manager allows it (Docker's default seccomp policy doesn't).
  * This is useful for testing scenarios; for example a project uses Kubernetes for its CI, but inside build the project wants to run each unit test in their own pid namespace, without going out and creating a new pod for every single unit test.
  * Similarly, rpm-ostree compose tree uses bwrap internally for scripts, and we want to support running rpm-ostree inside a container as well.
  * Another feature is bwrap now supports -- to terminate argument parsing. To detect availability of this, you could parse bwrap --version.
OBS-URL: https://build.opensuse.org/request/show/641328
OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/bubblewrap?expand=0&rev=15
70 lines
2.3 KiB
RPMSpec
#
# spec file for package bubblewrap
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           bubblewrap
Version:        0.3.1
Release:        0
Summary:        Core execution tool for unprivileged containers
License:        LGPL-2.0-or-later
Group:          Productivity/Security
Url:            https://github.com/projectatomic/bubblewrap
Source:         https://github.com/projectatomic/bubblewrap/archive/v%{version}.tar.gz
# Does not have README.md and autogen.sh included -> unusable
# Source0: https://github.com/projectatomic/bubblewrap/releases/download/v%%{version}/%%{name}-%%{version}.tar.xz
# We always run autogen.sh
BuildRequires:  autoconf
BuildRequires:  automake
BuildRequires:  docbook-xsl-stylesheets
BuildRequires:  gcc
BuildRequires:  git
BuildRequires:  libcap-devel
BuildRequires:  libtool
BuildRequires:  libxslt
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(libselinux)

%description
Bubblewrap (%{_bindir}/bwrap) is a core execution engine for unprivileged
containers that works as a setuid binary on kernels without
user namespaces.

%prep
%autosetup -n %{name}-%{version}
sed -i '1d' completions/bash/bwrap
sed -i '1s/env //' demos/bubblewrap-shell.sh demos/userns-block-fd.py

%build
env NOCONFIGURE=1 ./autogen.sh
%configure --disable-silent-rules --with-priv-mode=none
make %{?_smp_mflags}

%install
%make_install DESTDIR=%{buildroot} INSTALL="install -p -c"
find %{buildroot} -type f -name "*.la" -delete -print

%files
%license COPYING
%doc README.md demos
%dir %{_datadir}/bash-completion
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/bwrap
%{_bindir}/bwrap
%{_mandir}/man1/*

%changelog