Commit eccdcd1f authored by Timo Teräs

community/bubblewrap: use setuid mode and fix realpath issue

caps install mode was removed, so use setuid mode
parent 5a6b203b
......@@ -2,17 +2,19 @@
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=bubblewrap
pkgver=0.1.5
pkgrel=0
pkgrel=1
pkgdesc="Unprivileged sandboxing tool"
url="https://github.com/projectatomic/bubblewrap"
arch="all"
license="LGPL2+"
options="suid"
depends=""
depends_dev=""
makedepends="autoconf automake libcap-dev docbook-xsl $depends_dev"
install=""
subpackages="$pkgname-doc $pkgname-bash-completion:bashcomp:noarch"
source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz"
source="bubblewrap-$pkgver.tar.gz::https://github.com/projectatomic/bubblewrap/archive/v$pkgver.tar.gz
realpath-workaround.patch"
builddir="$srcdir/bubblewrap-$pkgver"
prepare() {
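Review bot: the new `realpath-workaround.patch` entry in `source` only has an effect if `prepare()` applies it, and the hunk ends at `prepare() {` without showing the body. Please confirm that `prepare()` applies every `*.patch` listed in `$source`. A short comment next to the entry, saying that this is a musl-specific workaround and under what condition it can be dropped, would also help the next maintainer.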
......@@ -30,7 +32,7 @@ build() {
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--localstatedir=/var \
--with-priv-mode=caps \
--with-priv-mode=setuid \
|| return 1
make || return 1
}
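Review bot: `--with-priv-mode=setuid` makes the installed binary setuid, and nothing in the APKBUILD records why that is acceptable here. The commit message says caps install mode was removed; a one-line comment above the flag stating this would keep the reason visible in the file. Since `options="suid"` near the top of the APKBUILD is what this build now relies on, it is worth checking that the packaged binary ends up with the intended owner and mode.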
......@@ -49,6 +51,9 @@ bashcomp() {
mv "$pkgdir"/usr/share/bash-completion/ "$subpkgdir"/usr/share/ || return 1
}
md5sums="a709841b318bb02b243055625495e282 bubblewrap-0.1.5.tar.gz"
sha256sums="0a5a716a223dd4c93ccb45b1eb513a59f427f44c6a8675881de5954c026b8d7e bubblewrap-0.1.5.tar.gz"
sha512sums="df023942b2194552f9cdff348680a1e5287a674543df89ed1368f089ccca3db5524aa7b353e7f6c61575e9bcfab2318b8169c38c5a803879850abb16524e4458 bubblewrap-0.1.5.tar.gz"
md5sums="a709841b318bb02b243055625495e282 bubblewrap-0.1.5.tar.gz
469c4aa58c265d17fe2abd1690fdd952 realpath-workaround.patch"
sha256sums="0a5a716a223dd4c93ccb45b1eb513a59f427f44c6a8675881de5954c026b8d7e bubblewrap-0.1.5.tar.gz
cb291dd80a76bcec31a07e382f0f7e2606dd5b3e19d87a7b201728972607d069 realpath-workaround.patch"
sha512sums="df023942b2194552f9cdff348680a1e5287a674543df89ed1368f089ccca3db5524aa7b353e7f6c61575e9bcfab2318b8169c38c5a803879850abb16524e4458 bubblewrap-0.1.5.tar.gz
400a0446670ebf80f16739f1a7a2878aadc3099424f957ba09ec3df780506c23a11368f0578c9e352d7ca6473fa713df826fad7a20c50338aa5f9fa9ac6b84a4 realpath-workaround.patch"
Musl realpath() implementation currently depends on /proc which is
not available when setting up pivot root. For the time being just
fallback to given path if realpath() fails. If there was symlinks
that would have required normalizing the following parse_mountinfo()
will fail.
diff --git a/bind-mount.c b/bind-mount.c
index 7d3543f..c33b701 100644
--- a/bind-mount.c
+++ b/bind-mount.c
@@ -397,7 +397,7 @@ bind_mount (int proc_fd,
path, so to find it in the mount table we need to do that too. */
resolved_dest = realpath (dest, NULL);
if (resolved_dest == NULL)
- return 2;
+ resolved_dest = strdup (dest);
mount_tab = parse_mountinfo (proc_fd, resolved_dest);
if (mount_tab[0].mountpoint == NULL)
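Review bot: the result of `strdup (dest)` on the line replacing `return 2;` is not checked, so an allocation failure passes NULL into `parse_mountinfo (proc_fd, resolved_dest)`. The fallback also triggers on every `realpath ()` failure, not only the missing `/proc` case the patch description names, and from then on the unnormalized path is what gets looked up in the mount table. Because this package now builds with `--with-priv-mode=setuid`, I would keep the error return when `strdup ()` fails and, if possible, limit the fallback to the specific failure the description refers to, so that other errors still end in `return 2;`.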