The bubblewrap readme currently still says that it uses setuid instead of userns, so it surprised me to read here that “bubblewrap runs containers as a non-root user, using user namespaces”. Reading bubblewrap.c I see that, contrary to its readme, nowadays it actually can use either of setuid or userns.
Informative post.