Bubblewrap is a setuid implementation of user namespaces, or sandboxing, that provides access to a subset of kernel user namespace features. Bubblewrap allows user-owned processes to run in an isolated environment with limited access to the underlying filesystem.
Development versions of BLFS may not build or run some packages properly if LFS or dependencies have been updated since the most recent stable versions of the books.
Download (HTTP): https://github.com/containers/bubblewrap/releases/download/v0.11.0/bubblewrap-0.11.0.tar.xz
Download MD5 sum: 630eec714ea04729efd116ea85a715a3
Download size: 116 KB
Estimated disk space required: 3.2 MB (with tests)
Estimated build time: less than 0.1 SBU (with tests)
libxslt-1.1.42 (to generate manual pages), libseccomp-2.5.5 (built with python bindings, for tests), bash-completion, and SELinux
When this package began, upstream expected it could be installed suid-root. That was a long time ago; suid-root is generally considered a bad idea. As well as the default namespaces, this package requires the optional User namespace to be enabled. If that has not yet been enabled, select the following option in the kernel configuration and recompile the kernel:
General setup --->
  -*- Namespaces support --->                                     [NAMESPACES]
    [*]   User namespace                                             [USER_NS]
Install Bubblewrap by running the following commands:
mkdir build && cd build && meson setup --prefix=/usr --buildtype=release .. && ninja
Next, if you desire to run the test suite, fix an issue caused by the merged-/usr configuration in LFS:
sed 's@symlink usr/lib64@ro-bind-try /lib64@' -i ../tests/libtest.sh
To test the results, issue (as a user other than the root user):
ninja test
Now, as the root user:
ninja install
--buildtype=release: Specify a buildtype suitable for stable releases of the package, as the default may produce unoptimized binaries.
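
The two requirements stated earlier on this page (User namespace support in the kernel, and a bwrap binary that is not suid-root) can be verified with a short script. This is an added example, not part of the BLFS book: the function names and default paths (/proc/config.gz, /usr/bin/bwrap) are assumptions, and the max_user_namespaces limit check goes beyond what the page mentions.

```shell
#!/bin/sh
# Added example, not part of the BLFS book. Function names and the default
# paths in check_bwrap_prereqs are assumptions made for this sketch.

# Succeeds if kernel config FILE (plain text or .gz) contains CONFIG_USER_NS=y.
user_ns_in_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac 2>/dev/null | grep -q '^CONFIG_USER_NS=y$'
}

# Succeeds if the limit stored in FILE is a positive integer. A value of 0 in
# /proc/sys/user/max_user_namespaces blocks user namespace creation even
# when USER_NS is compiled into the kernel.
user_ns_limit_ok() {
    limit=$(cat -- "$1" 2>/dev/null) || return 1
    case "$limit" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$limit" -gt 0 ]
}

# Succeeds if FILE exists and has the setuid bit set.
has_setuid_bit() {
    [ -u "$1" ]
}

# Run all three checks; arguments override the assumed default paths.
# /proc/config.gz exists only on kernels built with IKCONFIG_PROC.
check_bwrap_prereqs() {
    config=${1:-/proc/config.gz}
    limit_file=${2:-/proc/sys/user/max_user_namespaces}
    bwrap=${3:-/usr/bin/bwrap}
    rc=0
    user_ns_in_config "$config" ||
        { echo "FAIL: CONFIG_USER_NS=y not found in $config"; rc=1; }
    user_ns_limit_ok "$limit_file" ||
        { echo "FAIL: $limit_file is 0 or unreadable"; rc=1; }
    if has_setuid_bit "$bwrap"; then
        echo "FAIL: $bwrap has the setuid bit set"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: user namespaces usable, $bwrap not setuid"
    return "$rc"
}
```

Source the file and call check_bwrap_prereqs; pass the path of the saved kernel configuration as the first argument if the kernel was built without /proc/config.gz.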