Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: unsharing mode, work on #28 #818

Merged
merged 1 commit into from
Aug 26, 2023
Merged

WIP: unsharing mode, work on #28 #818

merged 1 commit into from
Aug 26, 2023

Conversation

89luca89
Copy link
Owner

@89luca89 89luca89 commented Jun 23, 2023
edited
Loading

This should ensure a basic unsharing between guest and hosts

This is not a proper sandbox

This allows to:

-unshare-devsys: do not share host devices and sysfs dirs from host
-unshare-ipc: do not share ipc namemspace with host
-unshare-netns: do not share the net namespace with host
-unshare-process: do not share process namemspace with host

And an unshare-all to do all the above.

This allows to have only the minimal requirements to:

  • access user's HOME
  • launch applications with GUI/GPU/Audio/Video

Additional mountpoints can be declared with --volume

For now I'm not contemplating unsharing the home that would be a bit too much and denaturalise the purpose of distrobox itself.

@89luca89 89luca89 mentioned this pull request Jun 23, 2023
Closed
@89luca89 89luca89 linked an issue Jun 23, 2023 that may be closed by this pull request
[Feature] Sandboxed mode #28
Closed
@89luca89 89luca89 added the CI label Jun 23, 2023
@89luca89 89luca89 force-pushed the main branch 3 times, most recently from 6c315c5 to 88e2b5a Compare August 6, 2023 12:27
@89luca89 89luca89 force-pushed the feat/unsharing_mode branch from 00624c1 to ebd2939 Compare August 26, 2023 10:06
@89luca89 89luca89 force-pushed the feat/unsharing_mode branch from ebd2939 to 08e02e4 Compare August 26, 2023 10:11
@89luca89
WIP: unsharing mode, work on #28
858c756 
Signed-off-by: Luca Di Maio <[email protected]>
@89luca89 89luca89 force-pushed the feat/unsharing_mode branch from 08e02e4 to 858c756 Compare August 26, 2023 10:33
@89luca89 89luca89 marked this pull request as ready for review August 26, 2023 12:17
@89luca89 89luca89 removed the CI label Aug 26, 2023
@89luca89 89luca89 removed a link to an issue Aug 26, 2023
[Feature] Sandboxed mode #28
Closed
@89luca89 89luca89 merged commit 146d5db into main Aug 26, 2023
@89luca89 89luca89 deleted the feat/unsharing_mode branch August 26, 2023 12:22
@BrewTestBot BrewTestBot mentioned this pull request Nov 19, 2023
Merged
@89luca89 89luca89 restored the feat/unsharing_mode branch February 28, 2024 18:26
@89luca89 89luca89 deleted the feat/unsharing_mode branch February 28, 2024 18:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@89luca89