[Rpm-maint] [rpm-software-management/rpm] Add a new plugin to enable Linux-specific namespace functionality (PR #2666)
Panu Matilainen
notifications at github.com
Fri Sep 15 08:39:12 UTC 2023
A plugin is a convenient place to hide Linux-specific functionality. Implemented in this initial version are:
- Optional private mounts during scriptlet execution, useful for protecting the system from scriptlets (e.g. /home) and the scriptlets from themselves (e.g. insecure /tmp usage)
- Optionally disable network access during scriptlet execution
Note that at this time, scriptlets executed with the embedded Lua interpreter are not covered by this because they run inside the main rpm process instead of forking (#2635).
Fixes: #2632
Fixes: #2665
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/2666
-- Commit Summary --
* Add a new plugin to enable Linux-specific namespace functionality
-- File Changes --
M docs/man/CMakeLists.txt (3)
M macros.in (5)
M plugins/CMakeLists.txt (4)
A plugins/unshare.c (74)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/2666.patch
https://github.com/rpm-software-management/rpm/pull/2666.diff
Message ID: <rpm-software-management/rpm/pull/2666 at github.com>
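
The two protections listed in the description correspond to a mount namespace and a network namespace applied to a forked child. The following is an added example, not the code in plugins/unshare.c or anything else from rpm: `isolation_flags`, `run_isolated` and `SETUP_FAILED` are hypothetical names, and covering a directory with a tmpfs is only one assumed way of making a path private. Creating these namespaces normally requires CAP_SYS_ADMIN, so the child refuses to run the command when setup fails.

```c
#define _GNU_SOURCE                 /* unshare() and CLONE_NEW* in <sched.h> */
#include <sched.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLONE_NEWNS                 /* fallback if <sched.h> was seen without _GNU_SOURCE */
#define CLONE_NEWNS  0x00020000
#define CLONE_NEWNET 0x40000000
int unshare(int flags);
#endif
#define SETUP_FAILED 125            /* hypothetical exit code: isolation could not be set up */

/* Map the two optional protections to namespace flags. */
int isolation_flags(int private_mounts, int no_network)
{
    return (private_mounts ? CLONE_NEWNS : 0) | (no_network ? CLONE_NEWNET : 0);
}

/* Child only. Any failure is reported so the caller can refuse to run the command. */
static int isolate(int flags, const char *private_dir)
{
    if (flags && unshare(flags) != 0)
        return -1;                  /* typically EPERM without CAP_SYS_ADMIN */
    if (!(flags & CLONE_NEWNS))
        return 0;
    /* Stop mount changes from propagating back to the host namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return -1;
    /* Cover private_dir with an empty tmpfs that only this child can see. */
    if (private_dir && mount("tmpfs", private_dir, "tmpfs", MS_NOSUID | MS_NODEV, NULL) != 0)
        return -1;
    return 0;
}

/* Fork, isolate the child, exec cmd. Returns the child's exit status, or -1. */
int run_isolated(char *const cmd[], int flags, const char *private_dir)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        if (isolate(flags, private_dir) != 0)
            _exit(SETUP_FAILED);    /* fail closed: never run unisolated */
        execvp(cmd[0], cmd);
        _exit(127);                 /* exec failed */
    }
    /* Fork failure, wait failure and death by signal all count as errors. */
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Because the namespaces are created after fork(), they affect only the child, which is also why code running inside the parent process itself would not be covered by this approach.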