unshare
The low-level Linux containers creation library for Rust
I want to put the child into a network namespace by calling setns, but this requires CAP_SYS_ADMIN, which I've lost after the uid/gid mapping. (Basically building a rootless container). The...
Since Linux 3.19 unprivileged writing of /proc/self/gid_map has been disabled unless /proc/self/setgroups is written first to permanently disable the ability to call setgroups in that user namespace. This essentially means...
Hi, Thanks for this amazing library. I need to execute a binary using unshare. I am able to execute it in my shell using: `unshare --map-root-user --net -- /path/to/binary` just...
Hello, I've been trying to implement a tool based on this library which shares some functionality with the unshare utility from util-linux and noticed a problem where mapping UIDs and...
I'd like to be able to control the ordering of variables in the environment. Would it be reasonable for the environment hash to become an ordered hash-map, rather than an...
Hey, I hope this is fine! I needed to implement AsRawFd for pipes. On the way I did some clippy fixes. Thanks!
Would you consider PRs that add support for Linux sandboxing features that are complementary to namespaces, such as MAC (via AppArmor, for example) and seccomp filters? This would enable using...
Since `Command` mostly adheres to a builder pattern, and `spawn` can be called multiple times, it would be useful to change the program. Motivating example: a user wants to fall...
`pivot_root` succeeds if user namespace is not used, but fails with `EINVAL` (os error 22). Bind mounting the `new_root` to itself solves it. I think that's a hack used by...
Nix crate v0.20.0 contains a vulnerability (RUSTSEC-2021-0119)