diff options
author | Tim Janik <timj@gnu.org> | 2016-06-23 00:36:26 +0200 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2016-06-22 22:39:36 +0000 |
commit | 625209e494d4fb3b3dcd80110af89228a2ea5699 (patch) | |
tree | 0474601242a3054f3782b931b1dc4b8218a7776d /README.md | |
parent | 426262db53c67ba67de6470c49fe294f6d75ab78 (diff) | |
download | bubblewrap-625209e494d4fb3b3dcd80110af89228a2ea5699.tar.gz |
README.md: minor typo fixes
Closes: #80
Approved by: cgwalters
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -67,7 +67,7 @@ Usage bubblewrap works by creating a new, completely empty, mount namespace where the root is on a tmpfs that is invisible from the host, and will be automatically cleaned up when the last process -exists. You can then use commandline options to construct the root +exits. You can then use commandline options to construct the root filesystem and process environment and command to run in the namespace. @@ -151,7 +151,7 @@ and the myriad ways in which system administrators may configure a system. The bubblewrap approach is to only retain a few specific Linux capabilities such as `CAP_SYS_ADMIN`, but to always access the filesystem as the invoking uid. This entirely closes -[TOCTOCU attacks](https://cwe.mitre.org/data/definitions/367.html) and +[TOCTTOU attacks](https://cwe.mitre.org/data/definitions/367.html) and such. Related project comparison: Sandstorm.io |