Bug#964199: ITP: nsjail -- A light-weight process isolation tool using namespaces and seccomp-bpf syscall filters

[Christian Blichmann <cblichmann@google.com>]

Hi Michael,

On Thu, Jun 9, 2022 at 6:23 PM Michael Prokop <mika@debian.org> wrote:

Hi!

* Christian Blichmann [Fri Jul 03, 2020 at 04:06:42PM +0200]:

> * Package name : nsjail
> Version : 2.9
> Upstream Author : Robert Swiecki <robert@swiecki.net>
> * URL : https://nsjail.dev/
> * License : Apache-2.0
> Programming Lang: C++
> Description : A light-weight process isolation tool using
> namespaces and seccomp-bpf syscall filters
[...]

> - How do you plan to maintain it? Inside a packaging team?
>
> I want to maintain it as part of the "pkg-security" team.

A friend of mine asked me about the Debian packaging of nsjail and I
stumbled upon this ITP, and also noticed that we've got
https://salsa.debian.org/pkg-security-team/nsjail already.
Is there anything missing yet for uploading it towards Debian? :)

Well, I got reasonably far in my first go and the packaging itself was mostly done. However, IIRC, I had some trouble with nsjail's Kafel dependency -- it's in the repo as a sub-module and I'm unsure how to properly generate the source tarball for this. Packaging Kafel separately IMO makes no sense, as nsjail is literally the only project using this.

There have been several releases since I last touched the packaging, so that will need some updating, too.

I cannot promise anything, but I'll try to look into this a bit more next week.

 

[...]

Cheers,

--

Christian Blichmann | Senior Software Engineer | Google™
m: +41 79 7 18 79 43 | cblichmann@google.com

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature