
Bug#823548: ITP: bubblewrap -- setuid wrapper for unprivileged chroot and namespace manipulation



Package: wnpp
Severity: wishlist
Owner: Simon McVittie <smcv@debian.org>
Control: affects -1 xdg-app

* Package name    : bubblewrap
  Version         : (no releases yet)
  Upstream Author : Colin Walters, Alex Larsson
* URL             : https://github.com/projectatomic/bubblewrap/
* License         : LGPL-2+
  Programming Lang: C
  Description     : setuid wrapper for unprivileged chroot and namespace manipulation

bubblewrap is a setuid wrapper tool with which unprivileged users can
launch containers, using chroot and various Linux namespace features,
without giving those users access to the full attack surface of user
namespaces.

---

bubblewrap is derived from xdg-app-helper in src:xdg-app, which is itself
derived from linux-user-chroot. The next upstream version of
xdg-app will replace xdg-app-helper with a private copy of bubblewrap as a
git submodule; later versions are intended to use a system copy of
bubblewrap, at least optionally.

When bubblewrap has matured a bit and had some releases, it might make
sense to treat it as superseding linux-user-chroot, possibly with a
transitional package containing a script for command-line compatibility,
so that the overall number of setuid-root things in the archive can
reduce. (linux-user-chroot maintainer in X-Debbugs-Cc)

I intend to maintain this in collab-maint, with pkg-utopia as
the primary maintainer (unless some other team wants it). Co-maintainers
and security audits welcome.

    S

