forked from pool/bubblewrap
b197979c9f
* All the demos are included * bugfixes for the demo files * There was an issue with mkdir when running bubblewrap on an NFS filesystem that has been fixed, so flatpak now works on NFS shares. * Some leaks have been fixed, including a file descriptor leak. OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/bubblewrap?expand=0&rev=11
150 lines
6.8 KiB
Plaintext
150 lines
6.8 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue May 1 21:02:33 UTC 2018 - sebix+novell.com@sebix.at
|
|
|
|
- update to version 0.2.1:
|
|
* All the demos are included
|
|
* bugfixes for the demo files
|
|
* There was an issue with mkdir when running bubblewrap on an NFS
|
|
filesystem that has been fixed, so flatpak now works on NFS shares.
|
|
* Some leaks have been fixed, including a file descriptor leak.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 9 17:53:37 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
- update to version 0.2.0
|
|
- bwrap now automatically detects the new
|
|
user namespace restrictions in Red Hat Enterprise Linux 7.4:
|
|
bubblewrap: check for max_user_namespaces == 0.
|
|
- The most notable features are new arguments --as-pid1, and
|
|
--cap-add/--cap-drop. These were added for running systemd (or in general a
|
|
"full" init system) inside bubblewrap. But the capability options are also
|
|
useful for unprivileged callers to potentially retain capbilities inside the
|
|
sandbox (for example CAP_NET_ADMIN), when user namespaces are enabled.
|
|
Conversely, privileged callers (uid 0) can conversely drop capabilities (without
|
|
user namespaces). Contributed by Giuseppe Scrivano.
|
|
- With --dev, add /dev/fd and /dev/core symlinks
|
|
which should improve compatibility with older software.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 18 12:39:54 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
- add group
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 7 09:40:27 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
- fix build macro with rpm < 4.12 (non-Factory currently)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 25 21:15:49 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
- update to version 0.1.8
|
|
- New --die-with-parent which is based on the Linux prctl(PR_SET_PDEATHSIG) API.
|
|
- smaller bugfixes
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 2 09:08:58 UTC 2017 - sebix+novell.com@sebix.at
|
|
|
|
- upgrade to upstream version 0.1.7
|
|
- note that this package was *never* affected by CVE-2017-5226
|
|
as it was introduced in version 0.1.6
|
|
- upstream changelog of version 0.1.7:
|
|
This release backs out the change in 0.1.6 which unconditionally
|
|
called setsid() in order to fix a security issue with TIOCSTI, aka
|
|
CVE-2017-522. That change caused some behavioural issues that are
|
|
hard to work with in some cases. For instance, it makes shell job
|
|
control not work for the bwrap command.
|
|
Instead there is now a new option --new-session which works like
|
|
0.1.6. It is recommended that you use this if possible, but if not we
|
|
recommended that you neutralize this some other way, for instance
|
|
using SECCOMP, which is what flatpak does:
|
|
https://github.com/flatpak/flatpak/commit/902fb713990a8f968ea4350c7c2a27ff46f1a6c4
|
|
In order to make it easy to create maximally safe sandboxes we have
|
|
also added a new commandline switch called --unshare-all. It unshares
|
|
all possible namespaces and is currently equivalent with:
|
|
--unshare-user-try --unshare-ipc --unshare-pid --unshare-net
|
|
--unshare-uts --unshare-cgroup-try
|
|
However, the intent is that as new namespaces are added to the kernel they will
|
|
be added to this list. Additionally, if --share-net is specified the network
|
|
namespace is not unshared.
|
|
This release also has some bugfixes:
|
|
bwrap reaps (unexpected) children that are inherited from the
|
|
parent, something which can happen if bwrap is part of a shell
|
|
pipeline.
|
|
bwrap clears the capability bounding set. The permitted
|
|
capabilities was already empty, and use of PR_NO_NEW_PRIVS should
|
|
make it impossible to increase the capabilities, but more
|
|
layers of protection is better.
|
|
The seccomp filter is now installed at the very end of bwrap, which
|
|
means the requirement of the filter is minimal. Any bwrap seccomp
|
|
filter must at least allow: execve, waitpid and write
|
|
Alexander Larsson (7):
|
|
Handle inherited children dying
|
|
Clear capability bounding set
|
|
Make the call to setsid() optional, with --new-session
|
|
demos/bubblewrap-shell.sh: Unshare all namespaces
|
|
Call setsid() and setexeccon() befor forking the init monitor
|
|
Install seccomp filter at the very end
|
|
Bump version to 0.1.7
|
|
Colin Walters (6):
|
|
Release 0.1.6
|
|
man: Correct namespace user -> mount
|
|
demo/shell: Add /var/tmp compat symlink, tweak PS1, add more docs
|
|
Release 0.1.6
|
|
ci: Combine ASAN and UBSAN
|
|
Add --unshare-all and --share-net
|
|
- upstream changelog for 0.1.6:
|
|
This fixes a security issue with TIOCSTI, aka CVE-2017-522. Note bubblewrap is
|
|
far from the only program that has this issue, and I think the best fix is
|
|
probably in the kernel to support disabling this ioctl.
|
|
|
|
Programs can also work around this by calling setsid() on their own in an exec
|
|
handler before doing an exevp("bwrap").
|
|
- upstream changelog for 0.1.5:
|
|
This is a bugfix release, here are the major changes:
|
|
Running bubblewrap as root now works again
|
|
Various fixes for the testsuite
|
|
Use same default compiler warnings as ostree
|
|
Handle errors resolving symlinks during bind mounts
|
|
Alexander Larsson (2):
|
|
bind-mount: Check for errors in realpath()
|
|
Bump version to 0.1.5
|
|
Colin Walters (6):
|
|
Don't call capset() unless we need to
|
|
Only --unshare-user automatically if we're not root
|
|
ci: Modernize a bit, add f25-ubsan
|
|
README.md: Update with better one liner and more information
|
|
utils: Add __attribute__((printf)) to die()
|
|
build: Sync default warning -> error set from ostree
|
|
Simon McVittie (4):
|
|
test-run: be a bash script
|
|
test-run: don't assume we are uid 1000
|
|
Adapt tests so they can be run against installed binaries
|
|
Fix incorrect nesting of backticks when finding a FUSE mount
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 16 10:14:32 UTC 2016 - sebix+novell.com@sebix.at
|
|
|
|
- upgrade to upstream version 0.1.4
|
|
- Build also for Leap 42.2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 14 2016 Colin Walters <walters@verbum.org> - 0.1.3-2
|
|
|
|
- New upstream version
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 12 2016 Kalev Lember <klember@redhat.com> - 0.1.2-1
|
|
|
|
- Update to 0.1.2
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 12 2016 Igor Gnatenko <ignatenko@redhat.com> - 0.1.1-2
|
|
|
|
- Trivial fixes in packaging
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 08 2016 Colin Walters <walters@verbum.org> - 0.1.1
|
|
|
|
- Initial package
|