Context Navigation

source: general/sysutils/bubblewrap.xml@ c8b719a

Visit:

12.0 12.1 ken/TL2024 ken/tuningfonts lazarus plabs/newcss python3.11 rahul/power-profiles-daemon renodr/vulkan-addition trunk xry111/llvm18

Last change on this file since c8b719a was f525884, checked in by Ken Moffat <ken@…>, 10 months ago
Bubblewrap: add kernel config.
Property mode set to `100644`
File size: 5.4 KB

Line
1	<?xml version="1.0" encoding="ISO-8859-1"?>
2	<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4	<!ENTITY % general-entities SYSTEM "../../general.ent">
5	%general-entities;
6
7	<!ENTITY bubblewrap-download-http "https://github.com/containers/bubblewrap/releases/download/v&bubblewrap-version;/bubblewrap-&bubblewrap-version;.tar.xz">
8	<!ENTITY bubblewrap-download-ftp " ">
9	<!ENTITY bubblewrap-md5sum "fc0e14bc26df76225e8f8cc2df9fb657">
10	<!ENTITY bubblewrap-size "148 KB">
11	<!ENTITY bubblewrap-buildsize "3.4 MB (with tests)">
12	<!ENTITY bubblewrap-time "less than 0.1 SBU (with tests)">
13	]>
14
15	<sect1 id="bubblewrap" xreflabel="bubblewrap-&bubblewrap-version;">
16	<?dbhtml filename="bubblewrap.html"?>
17
18
19	<title>Bubblewrap-&bubblewrap-version;</title>
20
21	<indexterm zone="bubblewrap">
22	<primary sortas="a-bubblewrap">bubblewrap</primary>
23	</indexterm>
24
25	<sect2 role="package">
26	<title>Introduction to Bubblewrap</title>
27
28	<para>
29	<application>Bubblewrap</application> is a setuid implementation of user
30	namespaces, or sandboxing, that provides access to a subset of kernel
31	user namespace features. Bubblewrap allows user owned processes to run in
32	an isolated environment with limited access to the underlying filesystem.
33	<!-- Thanks for the reword DJ -->
34	</para>
35
36	&lfs113_checked;
37
38	<bridgehead renderas="sect3">Package Information</bridgehead>
39	<itemizedlist spacing="compact">
40	<listitem>
41	<para>
42	Download (HTTP): <ulink url="&bubblewrap-download-http;"/>
43	</para>
44	</listitem>
45	<listitem>
46	<para>
47	Download (FTP): <ulink url="&bubblewrap-download-ftp;"/>
48	</para>
49	</listitem>
50	<listitem>
51	<para>
52	Download MD5 sum: &bubblewrap-md5sum;
53	</para>
54	</listitem>
55	<listitem>
56	<para>
57	Download size: &bubblewrap-size;
58	</para>
59	</listitem>
60	<listitem>
61	<para>
62	Estimated disk space required: &bubblewrap-buildsize;
63	</para>
64	</listitem>
65	<listitem>
66	<para>
67	Estimated build time: &bubblewrap-time;
68	</para>
69	</listitem>
70	</itemizedlist>
71
72	<bridgehead renderas="sect3">Bubblewrap Dependencies</bridgehead>
73
74	<bridgehead renderas="sect4">Optional</bridgehead>
75	<para role="optional">
76	<xref linkend="libxslt"/> (to generate manual pages) and
77	<xref linkend="libseccomp"/> (built with python bindings, for tests)
78	</para>
79
80	</sect2>
81
82	<sect2 role="installation">
83	<title>Installation of Bubblewrap</title>
84
85	<para>
86	Install <application>Bubblewrap</application> by running the following
87	commands:
88	</para>
89
90	<screen><userinput>mkdir build &&
91	cd build &&
92
93	meson setup --prefix=/usr --buildtype=release .. &&
94	ninja</userinput></screen>
95
96	<para>
97	Next, if you desire to run the test suite, fix an issue caused by the
98	merged-/usr configuration in LFS:
99	</para>
100
101	<screen remap="test"><userinput>sed 's@symlink usr/lib64@ro-bind-try /lib64@' -i ../tests/libtest.sh</userinput></screen>
102
103	<para>
104	To test the results, issue (as a user other than the
105	<systemitem class="username">root</systemitem> user):
106	<command>ninja test</command>
107	</para>
108
109	<para>
110	Now, as the <systemitem class="username">root</systemitem> user:
111	</para>
112
113	<screen role="root"><userinput>ninja install</userinput></screen>
114	</sect2>
115
116	<sect2 role="commands">
117	<title>Command Explanations</title>
118
119	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
120	href="../../xincludes/meson-buildtype-release.xml"/>
121	</sect2>
122
123	<sect2 role="kernel" id="bubblewrap-kernel">
124	<title>Kernel Configuration</title>
125
126	<para>
127	When this package began, upstream expected it could be installed
128	suid-root. That was a long time ago, suid-root is generally considered
129	a bad idea. As well as the default namespaces, this package requires the
130	optional User namespace to be enabled. If that has not yet been enabled,
131	select the following option in the kernel configuration and recompile the
132	kernel:
133	</para>
134
135	<xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
136	href="bubblewrap-kernel.xml"/>
137
138	<indexterm zone="bubblewrap bubblewrap-kernel">
139	<primary sortas="d-bubblewrap">bubblewrap</primary>
140	</indexterm>
141	</sect2>
142
143	<sect2 role="content">
144	<title>Contents</title>
145
146	<segmentedlist>
147	<segtitle>Installed Program</segtitle>
148	<segtitle>Installed Libraries</segtitle>
149	<segtitle>Installed Directories</segtitle>
150
151	<seglistitem>
152	<seg>
153	bwrap
154	</seg>
155	<seg>
156	None
157	</seg>
158	<seg>
159	None
160	</seg>
161	</seglistitem>
162	</segmentedlist>
163
164	<variablelist>
165	<bridgehead renderas="sect3">Short Descriptions</bridgehead>
166	<?dbfo list-presentation="list"?>
167	<?dbhtml list-presentation="table"?>
168
169	<varlistentry id="bwrap">
170	<term><command>bwrap</command></term>
171	<listitem>
172	<para>
173	generates a sandbox for a program to run in
174	</para>
175	<indexterm zone="bubblewrap bwrap">
176	<primary sortas="b-bwrap">bwrap</primary>
177	</indexterm>
178	</listitem>
179	</varlistentry>
180	</variablelist>
181	</sect2>
182
183	</sect1>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: