[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [atomic-devel] linux-user-chroot v2015.1

On Sun, 2015-09-06 at 12:46 -0400, Colin Walters wrote:
> Hi,
> While I know it's not officially part of this effort, I'd like to
> crosspost the announcement of a new release of my project
> "linux-user-chroot" here:
Interesting... Does any of this/can any of this overlap with the xdg-app
work alexl is doing?

>  https://git.gnome.org/browse/linux-user-chroot/tag/?id=v2015.1
> It's focused around *non-root* containers.  In contrast to:
> http://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/
> I believe it's an easy way to use Linux container features as non-root
> to enhance integrity and confidentiality.  For example, here's a bash
> alias I'm using:
> alias make='chrt --idle 0 linux-user-chroot --unshare-ipc --unshare-net --unshare-pid --mount-devapi /dev --mount-proc /proc --seccomp-profile-version 0 --chdir $(pwd) / make'
Is there an extra unwanted space after the $(pwd) and before the /    ?

> Now, whenever I'm building a project directly on my workstation and I
> just type my normal "make -j 4", it's sandboxed fairly well.  Another
> intended use of linux-user-chroot is for robust build systems that run
> as non-root.  The upstream README has some links:
> https://git.gnome.org/browse/linux-user-chroot/tree/README?id=v2015.1



Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]