Tags: Zorono/bubblewrap

v0.7.0

bubblewrap 0.7.0

New features:

* `--size` option controls the size of a subsequent `--tmpfs` (containers#509)
* Better error messages if a mount operation fails (containers#472)
* Better error message if creating the new user namespace fails with
  `ENOSPC` (containers#487)
* When building as a Meson subproject, a `RUNPATH` can be set on the
  executable to make it easier to bundle its `libcap` dependency

Bug fixes:

* When building with Autotools, ensure initial setup for `pkg-config`
  is not disabled by `--with-bash-completion-dir=PATH` (containers#316, containers#342, containers#441)
* Fix test failures when running as uid 0 but with limited capabilities
  (containers#510)
* Use POSIX `command -v` in preference to non-standard `which` (containers#527)
* Fix a copy/paste error in `--help` (containers#531)

Git-EVTag-v0-SHA512: f4f6e2a92493461c2c39bacc1c3003167162113c88d2142f2041dcb830f3bd3a7df541aad361d1e6ce99576d66bd7eac1065340406e294cd4769b9c4c81c2a2c

v0.6.2

bubblewrap v0.6.2

New features in Meson build:

* Auto-detect whether the man page can be generated
* `-Dbwrapdir=...` changes the installation directory (useful when being
  used as a subproject)
* `-Dtests=false` disables unit tests

Bug fixes:

* Add `--add-seccomp-fd` to shell completions
* Document `--add-seccomp-fd`, `--json-status-fd` and `--share-net`
  in the man page
* Add attributes to silence various compiler warnings
* Allow compilation of tests with musl on mips architectures
* Allow compilation with older glibc
* Disable sanitizers for a test helper whose seccomp profile breaks
  the instrumentation
* Disable AddressSanitizer leak detection where it interferes with
  unit testing

Git-EVTag-v0-SHA512: c39a93493bbb32c6e0521c62cf8f1683ad7ea71b2c11888ad40ed108b647e65b732177ec28809510e9e5253e09926ff444aada42ed6fe2ffea43608c23f43a44

v0.6.1

bubblewrap v0.6.1

* Fix `bwrap --version` when built with Meson (containers#477)
* Don't install zsh completion as executable when built with Meson

Git-EVTag-v0-SHA512: d70aa47bb1ebfd37dcbf63551f10f824582b7fcd5931f4568c247df5bc2707ca1ea32e6d57dbbd4d0ac08f8c78cfecdced0b24de7339af59d42933cfa7b56b02

v0.6.0

bubblewrap 0.6.0

New features:

* New `--add-seccomp` option can be used to add more than one seccomp
  program (containers#453)
* Add a warning when repeating options where only the last one will be
  used, in particular `--seccomp` (containers#454)
* Add a Meson build system. (containers#432)
    * This can be used as a subproject by larger Meson projects. When
      used as a subproject, the `-Dprogram_prefix` option is required:
      see `tests/use-as-subproject/` for an example.
    * There is no equivalent of the `--with-priv-mode=setuid` option
      in this build system. Distributions that still require a setuid
      bubblewrap executable will need to `chown` and `chmod` the executable
      appropriately as a separate step in their packaging.
    * The Autotools build system is still supported in this release,
      but might be removed in a future release if the Meson build system
      is sufficiently successful.

Bug fixes:

* Invoke bash via `PATH` for better compatibility with non-FHS operating
  systems
* Exit early when `argc == 0`, to harden against the equivalent of
  CVE-2021-4034 (this is not a security issue in our case)

Other changes:

* The default branch is now named `main`
* Partial REUSE support (add SPDX-License-Identifier to many source files)
* Remove old CI integration

Git-EVTag-v0-SHA512: f07c0e1b6950c698683a802077ad954bdb6a94c62c01971a5eb5b7660376ff880c79f1b65c6eab7cf176933126572cc65ac8bb095b61141c44be16a6c44209fc

v0.5.0

Release v0.5.0

New features:

* `--chmod` changes permissions
* `--clearenv` unsets every environment variable (except `PWD`)
* `--perms` sets permissions for one subsequent `--bind-data`, `--dir`,
  `--file`, `--ro-bind-data` or `--tmpfs`

Other enhancements:

* Better diagnostics when a `--bind` or other bind-mount fails
* `zsh` tab-completion
* Better test coverage

Bug fixes:

* Use Python 3 for tests and examples
* Mount points for non-directories are created with permissions
  `-r--r--r--` instead of `-rw-rw-rw-`
* Don't remount items in `/proc` read-only if already `EROFS`, required
  to run under Docker
* Allow mounting a non-directory over an existing non-directory,
  e.g. `--bind "$XDG_RUNTIME_DIR/my-log-socket" /dev/log`
* Silence kernel messages for our bind-mounts
* Make sure `pkg-config` is checked for, regardless of build options
* Improve ability to bind-mount directories on case-insensitive filesystems
* Fix `-Wshadow` warnings
* Fix deprecation warnings with newer SELinux

Git-EVTag-v0-SHA512: b91b729ca27e1ccd86bcdefbc84c25cbecaf49e84f34d2d04c884c0bfbd6c96f56cf57bed0a3127f5ec12f6ab5b4032fb56ace276f66d95bb04f4ca5742e4315

v0.4.1

Verified: this tag was signed with the committer's verified signature (alexlarsson, Alexander Larsson).

Release 0.4.1

This release fixes a privilege escalation bug pointed out by Stephen Röttger, where in some setups
bubblewrap can be used to gain root permissions. Only version 0.4.0 is vulnerable, and only
if installed setuid while at the same time the kernel supports unprivileged user namespaces.
More details in the advisory here:

  GHSA-j2qp-rvxj-43vj

Additionally there are some minor changes:
 * Always clear the capability bounding set (cosmetic issue)
 * Make the tests work with libcap >= 2.29
 * Properly report child exit status in some cases

Alexander Larsson (9):
      Ensure we're always clearing the cap bounding set
      Don't rely on geteuid() to know when to switch back from setuid root
      Don't support --userns2 in setuid mode
      drop_privs: More explicit argument name

Christian Kastner (1):
      tests: Update output patterns for libcap >= 2.29

Jean-Baptiste BESNARD (1):
      retcode: fix return code with syncfd and no event_fd

TomSweeneyRedHat (1):
      Add Code of Conduct

Git-EVTag-v0-SHA512: 0483b1e73940171e16ca41ab7994ae20e7572433a8f4cef276dfdf0685993b4c3bd21a002beb16003a29cf2280aa0394c3d2adaf1255ce1bb128bb2abaa32941

v0.4.0

Verified: this tag was signed with the committer's verified signature (alexlarsson, Alexander Larsson).

Release 0.4.0

The biggest feature in this release is the support for joining
existing user and pid namespaces. This doesn't work in the setuid
mode (at the moment).

Other changes:
  - Stores namespace info in status json
  - In setuid mode pid 1 is now marked dumpable
  - Now builds with musl libc

Alexander Larsson (17):
      Tests: Fix test count
      setuid mode: Properly drop privs in monitor and pid1
      Mark init process as dumpable so we can see stuff in its /proc
      Add support for --userns and --userns2
      tests: test --userns
      utils: Add some utility function to pass pids over a socket
      utils: Add fork_intermediate_child() helper
      Add support for --pidns
      Add tests for --pidns
      tests: Better error message if assert_files_equal fails
      Fix typo in comment
      Drop cap bounding set also in --userns case
      Allow --uid and --gid with --userns
      tests: Fix --userns tests
      --userns --uid: Only swtich user if needed
      Merge pull request containers#338 from containers/reuse-namespaces
      Bump 0.4.0

Christian Kellner (3):
      bwrap: set opt_unshare_cgroup when _try succeeds
      bwrap: include the pid namespace id in status/json
      tests: check namespace info in json

Colin Walters (1):
      Post-release version bump

Jonathan Lebon (1):
      ci: Bump to fedora/29/atomic

shawrkbait (1):
      Add work-around for TEMP_FAILURE_RETRY to support musl

Git-EVTag-v0-SHA512: d3f07f58b50c579b27470722edfc87b741465ca37ff4d40c9f715d610a69a80a6e6035a0dee678158c1dd77edb0b06bed3ffd6393a784d4ed975c092eb151952

v0.3.3

Verified: this tag was signed with the committer's verified signature (cgwalters, Colin Walters).

Release 0.3.3

(This release is the same as `0.3.2`, but the version number in `configure.ac`
was accidentally still set to `0.3.1`.)

This release fixes a mostly theoretical security issue in unusual/broken
setups where `$XDG_RUNTIME_DIR` is unset.

There are some other smaller fixes, as well as an addition to the JSON
API that allows reading the inner process exit code, separately from
the `bwrap` exit code.

Thanks to all contributors!

```
Iain Lane (1):
      tests: Handle systems without merged-/usr

Jakub Wilk (2):
      Fix typos
      Print "Out of memory" on stderr, not stdout

Richard Maw (3):
      Revert "README.md: Delete cat logo picture (not DFSG compliant)"
      bwrap: add option json-status-fd to show child exit code
      bwrap: Report COMMAND exit code in json-status-fd

Simon McVittie (3):
      man page: Describe --chdir, not nonexistent --cwd
      Don't create our own temporary mount point for pivot_root
      tests: Ensure that tmpfs with oldroot/newroot doesn't appear in container

Timothy E Baldwin (1):
      Make lockdata long enough on 32-bit with 64-bit file pointers.
```

Git-EVTag-v0-SHA512: 1320cc04e853be996e6fa53fb3e472f732ac02855ab05984fa3350aed1d8760fc3b9eac0e6af06843a1f6265afe424e042c937d64606ef2eb29ec53a3539c217

v0.3.2

Verified: this tag was signed with the committer's verified signature (cgwalters, Colin Walters).

Release 0.3.2

This release fixes a mostly theoretical security issue in unusual/broken
setups where `$XDG_RUNTIME_DIR` is unset.

There are some other smaller fixes, as well as an addition to the JSON
API that allows reading the inner process exit code, separately from
the `bwrap` exit code.

Thanks to all contributors!

```
Iain Lane (1):
      tests: Handle systems without merged-/usr

Jakub Wilk (2):
      Fix typos
      Print "Out of memory" on stderr, not stdout

Richard Maw (3):
      Revert "README.md: Delete cat logo picture (not DFSG compliant)"
      bwrap: add option json-status-fd to show child exit code
      bwrap: Report COMMAND exit code in json-status-fd

Simon McVittie (3):
      man page: Describe --chdir, not nonexistent --cwd
      Don't create our own temporary mount point for pivot_root
      tests: Ensure that tmpfs with oldroot/newroot doesn't appear in container

Timothy E Baldwin (1):
      Make lockdata long enough on 32-bit with 64-bit file pointers.
```

Git-EVTag-v0-SHA512: 56fe39e400413c02d06f9ceae54718c252dcd0e79de77bf22095fc0f037aa8e4dd11a1cab0760d26e068b9d2dae041564a2c8331d56a408e6c772234cac98f3b

v0.3.1

Verified: this tag was signed with the committer's verified signature (alexlarsson, Alexander Larsson).

Release 0.3.1

The new feature in this release is --bind-try (as well as --dev-bind-try
and --ro-bind-try), which works like the regular versions if the source
exists, but does nothing if it doesn't exist.

The mount type for the root tmpfs was also changed to "tmpfs" instead
of being empty, as the latter could cause problems with some programs
when parsing the mountinfo files in /proc.

```
Alexander Larsson (1 PR, 1 commit)
  Post-release version bump to 0.3.1 (containers#285)

Colin Walters (1 PR, 1 commit)
  Use "tmpfs" instead of empty string for mount (containers#278)

Patrick Griffis (1 PR, 1 commit)
  Add --bind-try options (containers#283)

chocolateboy (1 PR, 1 commit)
  Fix doc typo (containers#280)
```

Git-EVTag-v0-SHA512: 60d0a82b6332fcc5710d83a1980e5c77c688dfd8642f42ca04f637f4a0b948dd4841411deeff9f9165a3982bad6e4c08db3af115f69af93d8e8d1c2830f3d3fa