Tags: containers/bubblewrap
Tags
bubblewrap 0.10.0 New features: - Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving CVE-2024-42472 in Flatpak. Other changes: - Fix some confusing syntax in SetupOpFlag (no functional change). (#636) Git-EVTag-v0-SHA512: de9d80e633a20683767d96924b456f06776224b733428d70038b3b7b0fc3088a1161c33425704bae76c3e75cca3a03d06e5c2d318258382c5a4c18e17ac99ed8
bubblewrap 0.6.3 This release is intended to be used as part of Flatpak 1.14.x. If possible, please upgrade to 0.10.0 or later instead. - Backport the --[ro-]bind-fd option from 0.10.0. This can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks, and is needed when resolving CVE-2024-42472 in Flatpak. Git-EVTag-v0-SHA512: a3c17c5d8d939b4e9daf0ba94049f0941e959ccc9f7711c8fb08230a22790c08d902c7846e57c1ceddb51d4afa0a179a6abb611bcd08e68fa006e798cddc8a55
bubblewrap 0.9.0 * Building this version of bubblewrap with Meson is recommended. The source release bubblewrap-0.9.0.tar.xz no longer contains Autotools-generated files, although this version can still be built using Autotools after running `./autogen.sh`. Future versions are likely to remove the Autotools build system altogether. * Add `--argv0` (#91) * `--symlink` is now idempotent, meaning it succeeds if the symlink already exists and already has the desired target (#549, flatpak/flatpak#2387, flatpak/flatpak#3477, flatpak/flatpak#5255) * Clarify security considerations in documentation (#555, #560, #621) * Clarify documentation for `--cap-add` (#562) * Report a better error message if `mount(2)` fails with `ENOSPC` (#615, ValveSoftware/steam-runtime#637) * Make it easier to add new unit tests (#420) * Drop support for ancient Python versions in demo code * Fix a double-close on error reading from `--args`, `--seccomp` or `--add-seccomp-fd` argument (#558) * Improve memory allocation behaviour (#556, #624) * Silence various compiler warnings (#559) * Silence an Automake warning (#622) * Fix a test failure when running as uid 0 in a container (#488) * Fix a test failure when `/mnt` is a symlink (#599) * Fix a test failure on NixOS (#603) Git-EVTag-v0-SHA512: 0e327ddf75813b60969d693ebb2fdca24355c988f86d72de666c6a47dfcd168d2fd3135f8cbd477d778faf9770eda0d7f2d3dcc536687be4903a3913fd3399c8
bubblewrap v0.8.0 New features: * Add `--disable-userns` option to prevent the sandbox from creating its own nested user namespace (#488) * Add `--assert-userns-disabled` option to check that an existing userns was created with `--disable-userns` (#488) * Give a clearer error message if the kernel doesn't have `CONFIG_SECCOMP` and `CONFIG_SECCOMP_FILTER` (#550) Bug fixes: * Fix test failure with recent versions of `capsh` (#544) * Fix test failure since 0.7.0 when not using post-2013 GNU coreutils (#539) * Fix test failure since 0.7.0 if bubblewrap is setuid (#539) Git-EVTag-v0-SHA512: d01204613853596f38f2c4bc732207e47e0917b27786d27524e4d74ff692fcacdf3fc0043d2428e53003fb539c106c70de8d1ec9ed1c2999a2f9342038f91daa
bubblewrap 0.7.0 New features: * `--size` option controls the size of a subsequent `--tmpfs` (#509) * Better error messages if a mount operation fails (#472) * Better error message if creating the new user namespace fails with `ENOSPC` (#487) * When building as a Meson subproject, a `RUNPATH` can be set on the executable to make it easier to bundle its `libcap` dependency Bug fixes: * When building with Autotools, ensure initial setup for `pkg-config` is not disabled by `--with-bash-completion-dir=PATH` (#316, #342, #441) * Fix test failures when running as uid 0 but with limited capabilities (#510) * Use POSIX `command -v` in preference to non-standard `which` (#527) * Fix a copy/paste error in `--help` (#531) Git-EVTag-v0-SHA512: f4f6e2a92493461c2c39bacc1c3003167162113c88d2142f2041dcb830f3bd3a7df541aad361d1e6ce99576d66bd7eac1065340406e294cd4769b9c4c81c2a2c
bubblewrap v0.6.2 New features in Meson build: * Auto-detect whether the man page can be generated * `-Dbwrapdir=...` changes the installation directory (useful when being used as a subproject) * `-Dtests=false` disables unit tests Bug fixes: * Add `--add-seccomp-fd` to shell completions * Document `--add-seccomp-fd`, `--json-status-fd` and `--share-net` in the man page * Add attributes to silence various compiler warnings * Allow compilation of tests with musl on mips architectures * Allow compilation with older glibc * Disable sanitizers for a test helper whose seccomp profile breaks the instrumentation * Disable AddressSanitizer leak detection where it interferes with unit testing Git-EVTag-v0-SHA512: c39a93493bbb32c6e0521c62cf8f1683ad7ea71b2c11888ad40ed108b647e65b732177ec28809510e9e5253e09926ff444aada42ed6fe2ffea43608c23f43a44
bubblewrap v0.6.1 * Fix `bwrap --version` when built with Meson (#477) * Don't install zsh completion as executable when built with Meson Git-EVTag-v0-SHA512: d70aa47bb1ebfd37dcbf63551f10f824582b7fcd5931f4568c247df5bc2707ca1ea32e6d57dbbd4d0ac08f8c78cfecdced0b24de7339af59d42933cfa7b56b02
bubblewrap 0.6.0 New features: * New `--add-seccomp` option can be used to add more than one seccomp program (#453) * Add a warning when repeating options where only the last one will be used, in particular `--seccomp` (#454) * Add a Meson build system. (#432) * This can be used as a subproject by larger Meson projects. When used as a subproject, the `-Dprogram_prefix` option is required: see `tests/use-as-subproject/` for an example. * There is no equivalent of the `--with-priv-mode=setuid` option in this build system. Distributions that still require a setuid bubblewrap executable will need to `chown` and `chmod` the executable appropriately as a separate step in their packaging. * The Autotools build system is still supported in this release, but might be removed in a future release if the Meson build system is sufficiently successful. Bug fixes: * Invoke bash via `PATH` for better compatibility with non-FHS operating systems * Exit early when `argc == 0`, to harden against the equivalent of CVE-2021-4034 (this is not a security issue in our case) Other changes: * The default branch is now named `main` * Partial REUSE support (add SPDX-License-Identifier to many source files) * Remove old CI integration Git-EVTag-v0-SHA512: f07c0e1b6950c698683a802077ad954bdb6a94c62c01971a5eb5b7660376ff880c79f1b65c6eab7cf176933126572cc65ac8bb095b61141c44be16a6c44209fc
Release v0.5.0 New features: * `--chmod` changes permissions * `--clearenv` unsets every environment variable (except `PWD`) * `--perms` sets permissions for one subsequent `--bind-data`, `--dir`, `--file`, `--ro-bind-data` or `--tmpfs` Other enhancements: * Better diagnostics when a `--bind` or other bind-mount fails * `zsh` tab-completion * Better test coverage Bug fixes: * Use Python 3 for tests and examples * Mount points for non-directories are created with permissions `-r--r--r--` instead of `-rw-rw-rw-` * Don't remount items in `/proc` read-only if already `EROFS`, required to run under Docker * Allow mounting an non-directory over an existing non-directory, e.g. `--bind "$XDG_RUNTIME_DIR/my-log-socket" /dev/log` * Silence kernel messages for our bind-mounts * Make sure `pkg-config` is checked for, regardless of build options * Improve ability to bind-mount directories on case-insensitive filesystems * Fix `-Wshadow` warnings * Fix deprecation warnings with newer SELinux Git-EVTag-v0-SHA512: b91b729ca27e1ccd86bcdefbc84c25cbecaf49e84f34d2d04c884c0bfbd6c96f56cf57bed0a3127f5ec12f6ab5b4032fb56ace276f66d95bb04f4ca5742e4315
Release 0.4.1 This release fixes a privilege escalation bug pointed out by Stephen Röttger, where in some setups bubblewrap can be used to gain root permissions. Only version 0.4.0 is vulnerable, and only if installed setuid while at the same time the kernel supports unprivileged user namespaces. More details in the advisory here: GHSA-j2qp-rvxj-43vj Additionally there are some minor changes: * Always clear the capability bounding set (cosmetic issue) * Make the tests work with libcap >= 2.29 * Properly report child exit status in some cases Alexander Larsson (9): Ensure we're always clearing the cap bounding set Don't rely on geteuid() to know when to switch back from setuid root Don't support --userns2 in setuid mode drop_privs: More explicit argument name Christian Kastner (1): tests: Update output patterns for libcap >= 2.29 Jean-Baptiste BESNARD (1): retcode: fix return code with syncfd and no event_fd TomSweeneyRedHat (1): Add Code of Conduct Git-EVTag-v0-SHA512: 0483b1e73940171e16ca41ab7994ae20e7572433a8f4cef276dfdf0685993b4c3bd21a002beb16003a29cf2280aa0394c3d2adaf1255ce1bb128bb2abaa32941
PreviousNext