[Pkg-utopia-maintainers] Bug#823548: ITP: bubblewrap -- setuid wrapper for unprivileged chroot and namespace manipulation

Simon McVittie smcv at debian.org
Thu May 5 20:49:10 UTC 2016


Package: wnpp
Severity: wishlist
Owner: Simon McVittie <smcv at debian.org>
Control: affects -1 xdg-app

* Package name    : bubblewrap
  Version         : (no releases yet)
  Upstream Author : Colin Walters, Alex Larsson
* URL             : https://github.com/projectatomic/bubblewrap/
* License         : LGPL-2+
  Programming Lang: C
  Description     : setuid wrapper for unprivileged chroot and namespace manipulation

bubblewrap is a setuid wrapper tool with which unprivileged users can
launch containers, using chroot and various Linux namespace features,
without giving those users access to the full attack surface of user
namespaces.

---

bubblewrap is derived from xdg-app-helper in src:xdg-app, which is itself
derived from linux-user-chroot. The next upstream version of
xdg-app will replace xdg-app-helper with a private copy of bubblewrap as a
git submodule; later versions are intended to use a system copy of
bubblewrap, at least optionally.

When bubblewrap has matured a bit and had some releases, it might make
sense to treat it as superseding linux-user-chroot, possibly with a
transitional package containing a script for command-line compatibility,
so that the overall number of setuid-root things in the archive can
reduce. (linux-user-chroot maintainer in X-Debbugs-Cc)

I intend to maintain this in collab-maint, with pkg-utopia as
the primary maintainer (unless some other team wants it). Co-maintainers
and security audits welcome.

    S


