
Re: [atomic-devel] linux-user-chroot v2015.1



On Sun, 2015-09-06 at 12:46 -0400, Colin Walters wrote:
> Hi,
> 
> While I know it's not officially part of this effort, I'd like to
> crosspost the announcement of a new release of my project
> "linux-user-chroot" here:
Interesting... Does any of this/can any of this overlap with the xdg-app
work alexl is doing?

>  https://git.gnome.org/browse/linux-user-chroot/tag/?id=v2015.1
> 
> It's focused around *non-root* containers.  In contrast to:
> http://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/
> 
> I believe it's an easy way to use Linux container features as non-root
> to enhance integrity and confidentiality.  For example, here's a bash
> alias I'm using:
> 
> alias make='chrt --idle 0 linux-user-chroot --unshare-ipc --unshare-net --unshare-pid --mount-devapi /dev --mount-proc /proc --seccomp-profile-version 0 --chdir $(pwd) / make'
Is there an extra unwanted space after the $(pwd) and before the /?

> 
> Now, whenever I'm building a project directly on my workstation and I
> just type my normal "make -j 4", it's sandboxed fairly well.  Another
> intended use of linux-user-chroot is for robust build systems that run
> as non-root.  The upstream README has some links:
> https://git.gnome.org/browse/linux-user-chroot/tree/README?id=v2015.1
Cool!

Thanks,
James

> 
> 
> 


Attachment: signature.asc
Description: This is a digitally signed message part
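
The alias quoted in the message, written out as a shell function so each word of the command line is visible. This is an added example, not part of the original message or of the linux-user-chroot project. It assumes the `ROOTDIR PROGRAM ARGS...` positional form from the tool's usage text, and `sandboxed` and `SANDBOX_DRY_RUN` are hypothetical names.

```shell
#!/bin/sh
# Added example: the quoted alias as a POSIX shell function.
# "sandboxed" and SANDBOX_DRY_RUN are hypothetical names, not project features.

sandboxed() {
    # Assumed usage form: linux-user-chroot [OPTIONS] ROOTDIR PROGRAM ARGS...
    #   --chdir consumes the next word as the directory to enter.
    #   The following "/" is ROOTDIR: the host root is reused, so the
    #   isolation comes from the unshared namespaces and the seccomp profile.
    #   "$PWD" is quoted so a working directory containing spaces stays one
    #   argument; an unquoted $(pwd) inside an alias would be word-split.
    set -- \
        chrt --idle 0 \
        linux-user-chroot \
        --unshare-ipc --unshare-net --unshare-pid \
        --mount-devapi /dev \
        --mount-proc /proc \
        --seccomp-profile-version 0 \
        --chdir "$PWD" \
        / \
        "$@"
    if [ "${SANDBOX_DRY_RUN:-0}" = 1 ]; then
        # Print one argument per line to audit what would be executed.
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# Same effect as the alias: a plain "make -j 4" runs inside the sandbox.
make() { sandboxed make "$@"; }
```

Setting `SANDBOX_DRY_RUN=1` before calling `make` prints the argument vector instead of running it.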

