bubblewrap icon indicating copy to clipboard operation
bubblewrap copied to clipboard
verified publisher icon containers

Only verify MAX_ARG limit when running privileged.

Open brown opened this issue 5 years ago • 4 comments

I've hit the MAX_ARG limit. There doesn't seem to be any reason for it when bwrap is unprivileged.

brown avatar Sep 21 '20 17:09 brown

Can one of the admins verify this patch? I understand the following commands:

  • bot, add author to whitelist
  • bot, test pull request
  • bot, test pull request once

rh-atomic-bot avatar Sep 21 '20 17:09 rh-atomic-bot

I don’t see why the reason for the hardening would only apply to privileged bwrap.

charmander avatar Sep 30 '20 23:09 charmander

I don’t see why the reason for the hardening would only apply to privileged bwrap.

If bubblewrap has no special permissions compared to the process executing it, then it makes no sense since the process could just do what the unprivileged bubblewrap would do if it disregarded the limit.

L-as avatar Dec 25 '20 21:12 L-as

What if the data bubblewrap is parsing is the problem (i.e. untrusted), not the program passing it through?

charmander avatar Dec 26 '20 06:12 charmander