Commit message (Author, Age, Files, Lines)
* Prepare v0.7.0 [v0.7.0] (Simon McVittie, 2022-11-07, 2 files, -2/+2)
|   Signed-off-by: Simon McVittie <smcv@collabora.com>
* Fix copy/paste error in help for --pidns (Simon McVittie, 2022-10-27, 1 file, -1/+1)
|   --pidns acts on a pid namespace, not a user namespace.
|
|   Resolves: https://github.com/containers/bubblewrap/issues/531
|   Thanks: hadess
|   Signed-off-by: Simon McVittie <smcv@collabora.com>
* Merge pull request #441 from smcv/as-if (Simon McVittie, 2022-10-27, 1 file, -16/+14)
|\
| |   build: Consistently use AS_IF instead of if/then/fi
| * build: Consistently use AS_IF instead of if/then/fi (Simon McVittie, 2022-01-31, 1 file, -16/+14)
| |   AS_IF is best-practice for Autoconf, because it resolves conditional
| |   dependencies correctly; for example, if the first use of
| |   PKG_CHECK_MODULES is inside an if/then/fi block, then
| |   PKG_CHECK_PKG_CONFIG will also be conditional, but if the first use of
| |   PKG_CHECK_MODULES is inside AS_IF, then PKG_CHECK_PKG_CONFIG will be
| |   done unconditionally.
| |
| |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Merge pull request #509 from tomsmeding/tmpfs-size (Simon McVittie, 2022-10-26, 5 files, -41/+207)
|\ \
| | |   Add --size option to control size of a --tmpfs
| * | --size: Update completions and documentation (Tom Smeding, 2022-10-26, 3 files, -2/+46)
| | |   Signed-off-by: Tom Smeding <tom@tomsmeding.com>
| * | Tests for --size and --perms (Tom Smeding, 2022-10-26, 1 file, -1/+58)
| | |   Signed-off-by: Tom Smeding <tom@tomsmeding.com>
| * | Add --size option to control size of a --tmpfs (Tom Smeding, 2022-10-26, 1 file, -18/+93)
| | |   Signed-off-by: Tom Smeding <tom@tomsmeding.com>
| * | Prepare for multiple different modifier options (Tom Smeding, 2022-05-14, 1 file, -21/+11)
| | |   Signed-off-by: Tom Smeding <tom@tomsmeding.com>
* | | Merge pull request #487 from smcv/better-enospc-message (Simon McVittie, 2022-10-03, 1 file, -0/+3)
|\ \ \
| | | |   Improve error message when clone() fails with ENOSPC
| * | | Improve error message when clone() fails with ENOSPC (Simon McVittie, 2022-03-22, 1 file, -0/+3)
| | | |   In particular, this would have given #371 a clearer error message.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #527 from a1346054/fixes (Simon McVittie, 2022-09-13, 1 file, -1/+1)
|\ \ \ \
| | | | |   test-run: replace nonstandard `which`
| * | | | test-run: replace nonstandard `which` (a1346054, 2022-09-12, 1 file, -1/+1)
|/ / / /
| | | |   `command -v` is the standardized replacement for `which` and never
| | | |   writes to stderr
| | | |
| | | |   Signed-off-by: a1346054 <36859588+a1346054@users.noreply.github.com>
* | | | bind-mount: Include failing path in error message (Simon McVittie, 2022-08-16, 3 files, -26/+59)
| | | |   Prompted by flatpak/flatpak#4731, in which a misconfigured SMB
| | | |   automount was failing to be remounted with ENODEV. This would have
| | | |   been easier to debug if we knew which path could not be remounted.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #510 from smcv/etc-shadow (Simon McVittie, 2022-07-26, 1 file, -1/+8)
|\ \ \ \
| | | | |   Adjust tests related to /etc/shadow
| * | | | test-run: Add another assertion that we cannot read /etc/shadow (Simon McVittie, 2022-05-11, 1 file, -0/+6)
| | | | |   The goal of this assertion was to demonstrate that a setuid bwrap
| | | | |   does not give us access to otherwise unreadable files, but if we
| | | | |   want to check that, we should probably be looking at the bind-mount
| | | | |   destination instead of the source file.
| | | | |
| | | | |   Leave the old assertion in too, just in case *that* fails.
| | | | |
| | | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | | | test-run: Skip a test if we can read /etc/shadow (Simon McVittie, 2022-05-11, 1 file, -1/+2)
| | |/ /
| |/| |
| | | |   Ordinarily, we would not be able to read /etc/shadow if we're not
| | | |   uid 0; but when building in a sysroot owned by the current user (for
| | | |   example by setting it up using bwrap, as steam-runtime-tools does),
| | | |   we might actually be able to read it. Skip the assertion that we
| | | |   cannot read it in this case.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | meson: Add options to set a RPATH/RUNPATH on the bwrap executable (Simon McVittie, 2022-05-16, 5 files, -0/+40)
|/ / /
| | |   This is useful when building a self-contained, relocatable tree
| | |   containing a build of bubblewrap and all of its non-glibc
| | |   dependencies (in practice this means libcap and maybe libselinux), as
| | |   is done in the Steam container runtime. A RPATH/RUNPATH pointing to
| | |   ${ORIGIN}/../lib allows bwrap to find an adjacent, bundled copy of
| | |   libcap.
| | |
| | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | Release v0.6.2 [v0.6.2] (Simon McVittie, 2022-05-11, 2 files, -2/+2)
| | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | Merge pull request #486 from smcv/unused (Simon McVittie, 2022-05-11, 2 files, -5/+5)
|\ \ \
| | | |   Annotate some variables as sometimes-unused
| * | | utils: Silence -Wunused-parameter with clang, Meson, and SELinux disabled (Simon McVittie, 2022-04-05, 1 file, -4/+4)
| | | |   These parameters are unused if SELinux happens to be disabled.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
| * | | Silence -Wunused-but-set-variable with clang (Simon McVittie, 2022-04-05, 1 file, -1/+1)
| | | |   This variable is only used for lifetime tracking (autocleanup), but
| | | |   clang warns on that.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #492 from smcv/mips (Simon McVittie, 2022-05-10, 1 file, -3/+3)
|\ \ \ \
| | | | |   try-syscall: Use compiler-predefined macros to detect mips ABI
| * | | | try-syscall: Use compiler-predefined macros to detect mips ABI (Simon McVittie, 2022-04-05, 1 file, -3/+3)
| |/ / /
| | | |   _MIPS_SIM_ABI32 etc. are defined by Linux <asm/sgidefs.h>, which is
| | | |   included by glibc <sys/syscall.h> (which defers to Linux headers to
| | | |   get syscall numbers), but not by musl <sys/syscall.h>.
| | | |
| | | |   _ABIO32 etc. are predefined by the compiler, so they are always
| | | |   available, regardless of libc.
| | | |
| | | |   References:
| | | |   https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=27d54b2a6c18ef1ae50f1a5b432d590438445b90
| | | |   https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=0ea339ea4d9c3e04ae17da6bf389617eb0251e57
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #493 from smcv/bwrapdir (Simon McVittie, 2022-05-10, 2 files, -5/+12)
|\ \ \ \
| | | | |   meson: Allow installation directory to be set explicitly
| * | | | meson: Allow installation directory to be set explicitly (Simon McVittie, 2022-04-05, 2 files, -5/+12)
| |/ / /
| | | |   Overriding the libexecdir via default_options doesn't always work
| | | |   when used as a subproject.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #496 from smcv/missing-def (Simon McVittie, 2022-05-10, 2 files, -0/+8)
|\ \ \ \
| | | | |   Allow building on old glibc without PR_SET_CHILD_SUBREAPER defined
| * | | | Allow building on old glibc without PR_SET_CHILD_SUBREAPER defined (Simon McVittie, 2022-04-05, 2 files, -0/+8)
| |/ / /
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | tests: Disable leak detection when joining user-specified pid namespace (Simon McVittie, 2022-05-03, 2 files, -3/+2)
| | | |   If we don't do this, AddressSanitizer busy-loops with this backtrace:
| | | |
| | | |   #0 in sched_yield
| | | |   #1 in __sanitizer::StopTheWorld
| | | |   #2 in __lsan::LockStuffAndStopTheWorldCallback
| | | |   #3 in __GI___dl_iterate_phdr
| | | |   #4 in __lsan::LockStuffAndStopTheWorld
| | | |   #5 in __lsan::CheckForLeaks
| | | |   #6 in __lsan::DoLeakCheck
| | | |   #7 __lsan::DoLeakCheck
| | | |   #8 in __cxa_finalize
| | | |   #9 in __do_global_dtors_aux
| | | |   #10 in ??
| | | |   #11 in _dl_fini
| | | |
| | | |   This fixes the hang described in commit 2e3d6e7d, so remove the
| | | |   workarounds from that commit.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | tests: Disable sanitizers for try-syscall (Simon McVittie, 2022-05-03, 1 file, -0/+1)
| | | |   gcc's AddressSanitizer makes system calls that our filter doesn't
| | | |   allow for, resulting in a fatal error when run under a restrictive
| | | |   seccomp filter. try-syscall is a helper for the test, rather than
| | | |   being code under test itself, so we don't really need this
| | | |   instrumentation in it: all we want it to do is make some specific
| | | |   syscalls.
| | | |
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | build: Auto-detect presence of Docbook XSL stylesheets (Simon McVittie, 2022-05-03, 1 file, -1/+16)
| | | |   This follows the usual feature semantics: they're mandatory if the
| | | |   feature is enabled, aren't checked if the feature is disabled, and
| | | |   are optional if the feature is in the auto state (which is the
| | | |   default for this particular feature).
| | | |
| | | |   The logic used here is similar to AX_CHECK_DOCBOOK_XSLT in
| | | |   autoconf-archive.
| | | |
| | | |   Resolves: https://github.com/containers/bubblewrap/issues/500
| | | |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | | | Merge pull request #501 from rusty-snake/fix-missing-options-in-manpage (Simon McVittie, 2022-04-21, 1 file, -0/+26)
|\ \ \ \
| | | | |   Add --share-net & --json-status-fd to the manpage
| * | | | Add --share-net & --json-status-fd to the manpage (rusty-snake, 2022-04-21, 1 file, -0/+26)
| | | | |   Fixes #469
| | | | |   Fixes #499
| | | | |
| | | | |   Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | | | Merge pull request #491 from ffontaine/main (Simon McVittie, 2022-04-21, 2 files, -1/+9)
|\ \ \ \ \
| |/ / / /
|/| | | |
| | | | |   meson: add tests option
| * | | | meson: add tests option (Fabrice Fontaine, 2022-04-06, 2 files, -1/+9)
| |/ / /
| | | |   Allow the user to disable tests, for example to avoid the following
| | | |   build failure on mips32:
| | | |
| | | |   FAILED: tests/try-syscall.p/try-syscall.c.o
| | | |   /home/autobuild/autobuild/instance-11/output-1/host/bin/mipsel-buildroot-linux-musl-gcc -Itests/try-syscall.p -Itests -I../tests -fdiagnostics-color=always -Wall -Winvalid-pch -Wextra -O3 -D_GNU_SOURCE -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -Wno-sign-compare -Wno-error=sign-compare -Wno-missing-field-initializers -Wno-error=missing-field-initializers -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -O1 -g0 -MD -MQ tests/try-syscall.p/try-syscall.c.o -MF tests/try-syscall.p/try-syscall.c.o.d -o tests/try-syscall.p/try-syscall.c.o -c ../tests/try-syscall.c
| | | |   ../tests/try-syscall.c:34:5: error: #error "Unknown MIPS ABI"
| | | |      34 | # error "Unknown MIPS ABI"
| | | |         | ^~~~~
| | | |
| | | |   Fixes:
| | | |    - http://autobuild.buildroot.org/results/cf0365354fc8c16e5871d561daae0fa5039d0bee
| | | |
| | | |   Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
* | | | Merge pull request #489 from Newbytee/patch-1 (Simon McVittie, 2022-04-06, 1 file, -1/+1)
|\ \ \ \
| |/ / /
|/| | |
| | | |   Link to the last commit where xdg-app-helper.c existed
| * | | Link to the last commit where xdg-app-helper.c existed (Newbyte, 2022-03-23, 1 file, -1/+1)
|/ / /
| | |   Right now this link just opens a "path not found" page, so let's fix
| | |   that by linking to the last commit where it existed instead.
| | |
| | |   Signed-off-by: Newbyte <newbie13xd@gmail.com>
* | | Merge pull request #484 from rusty-snake/install-instructions (Simon McVittie, 2022-03-22, 1 file, -0/+24)
|\ \ \
| | | |   Add install instruction to README.md
| * | | Add install instruction to README.md (rusty-snake, 2022-03-22, 1 file, -0/+24)
| |/ /
| | |   Closes #315
| | |   Closes #363
| | |
| | |   Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | Merge pull request #483 from rusty-snake/add-seccomp-fd-completions (Simon McVittie, 2022-03-22, 2 files, -0/+2)
|\ \ \
| | | |   Add --add-seccomp-fd to bash/zsh completion
| * | | Add --add-seccomp-fd to bash/zsh completion (rusty-snake, 2022-03-22, 2 files, -0/+2)
| |/ /
| | |   Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | | Merge pull request #482 from rusty-snake/fix-add-seccomp-fd (Simon McVittie, 2022-03-22, 1 file, -1/+1)
|\ \ \
| |/ /
|/| |
| | |   Fix --add-seccomp-fd argument name in usage
| * | Fix --add-seccomp-fd argument name in usage (rusty-snake, 2022-03-22, 1 file, -1/+1)
|/ /
| |   --help shows --add-seccomp instead of --add-seccomp-fd which is the
| |   correct argument.
| |
| |   Signed-off-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
* | Merge pull request #481 from Keruspe/clang (Simon McVittie, 2022-03-18, 1 file, -0/+2)
|\ \
| | |   tests: fix build with clang
| * | tests: properly tag ok as being printf-like (Marc-Antoine Perennou, 2022-03-18, 1 file, -0/+2)
|/ /
| |   Avoids breaking warning with clang
| |
| |   Fixes #478
| |
| |   Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
* | Prepare v0.6.1 [v0.6.1] (Simon McVittie, 2022-02-25, 2 files, -2/+2)
| |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Add a release checklist (Simon McVittie, 2022-02-25, 1 file, -0/+18)
| |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Merge pull request #476 from smcv/zsh-noexec (Simon McVittie, 2022-02-25, 1 file, -0/+0)
|\ \
| | |   completions: Make zsh completion non-executable
| * | completions: Make zsh completion non-executable (Simon McVittie, 2022-02-24, 1 file, -0/+0)
|/ /
| |   The Autotools build system installed it with 0644 permissions because
| |   it's listed as DATA, but the Meson build system installs executable
| |   files as executable by default.
| |
| |   zsh completions don't need to be executable to work, and this one
| |   doesn't have the `#!` marker that should start an executable script.
| |
| |   Signed-off-by: Simon McVittie <smcv@collabora.com>
* | Release v0.6.0 [v0.6.0] (Simon McVittie, 2022-02-24, 1 file, -1/+1)
| |   Signed-off-by: Simon McVittie <smcv@collabora.com>