Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
dj_gitmo
on March 27, 2022
|
parent
|
context
|
favorite
| on:
Bubblewrap: Unprivileged sandboxing tool for Linux
I'm running firejail now and It doesn't look like it runs as root.
apitman
on March 27, 2022
[–]
Correct, it is an SUID executable[0], as is bubblewrap.
[0]:
https://en.m.wikipedia.org/wiki/Setuid
jwilk
on March 27, 2022
|
parent
|
next
[–]
This is poorly documented, but if the kernel supports unprivileged user namespaces, bubblewrap works without suid.
yjftsjthsd-h
on March 28, 2022
|
root
|
parent
|
next
[–]
Does/can firejail, or is that a difference?
apitman
on March 27, 2022
|
root
|
parent
|
prev
|
next
[–]
Good to know, thanks.
WhyNotHugo
on March 28, 2022
|
parent
|
prev
[–]
bubblewrap is only setuid if user namespaces are unavailable.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
