Sisyphus repository
Last update: 1 October 2023 | SRPMs: 18631 | Visits: 37048137
S:0.8.0-alt1

Group :: System/Base
RPM: bubblewrap


%def_enable selinux
# "setuid" or "none"
%define priv_mode setuid
%if %priv_mode == "setuid"
%def_disable userns
%endif

Name: bubblewrap
Version: 0.7.0
Release: alt1

Summary: Unprivileged sandboxing tool

Group: System/Base
License: LGPLv2+
Url: https://github.com/projectatomic/bubblewrap

Packager: Vitaly Lipatov <lav at altlinux.ru>

# Source-url: https://github.com/projectatomic/bubblewrap/releases/download/v%version/bubblewrap-%version.tar.xz

Vcs: https://github.com/projectatomic/bubblewrap.git
Source: %name-%version.tar
#Source: https://github.com/projectatomic/%name/releases/download/v%version/%name-%version.tar.xz

Patch1: bubblewrap-fix-run-path.patch

%if %priv_mode == "none"
Requires(pre): libcap-utils
%endif

BuildRequires(pre): rpm-macros-meson
BuildRequires: meson gcc-c++ binutils-devel libelf-devel
BuildRequires: db2latex-xsl docbook-style-xsl libcap-devel xsltproc
BuildRequires: python3 bash-completion
%{?_enable_selinux:BuildRequires: libselinux-devel}

%description
Many container runtime tools like systemd-nspawn, docker, etc. focus on providing
infrastructure for system administrators and orchestration tools (e.g. Kubernetes) to run containers.

These tools are not suitable to give to unprivileged users,
because it is trivial to turn such access into a fully privileged root shell on the host.

%prep
%setup
%patch1 -p1

%build
%meson \
%{?_disable_selinux:-Dselinux=disabled} \
%{?_enable_userns:-Drequire_userns=true}
%nil
%meson_build

%install
%meson_install

%if_enabled userns
mkdir -p %buildroot%_sysctldir
cat > %buildroot%_sysctldir/90-bwrap.conf << _EOF_
kernel.userns_restrict = 0
_EOF_
%endif

%if %priv_mode == "none"
%post
setcap -q "cap_sys_admin,cap_net_admin,cap_sys_chroot,cap_setuid,cap_setgid=ep" %_bindir/bwrap 2>/dev/null ||:
%endif

%files
%if %priv_mode == "setuid"
%attr(4511,root,root) %_bindir/bwrap
%else
%_bindir/bwrap
%endif
%{?_enable_userns:%_sysctldir/90-bwrap.conf}
%_man1dir/bwrap*
%_datadir/bash-completion/completions/bwrap
%_datadir/zsh/site-functions/_bwrap

%changelog

All changes can be viewed here

 