You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bubblewrap creates namespaces without special privileges, but it can only create new ones. In order to enter those namespaces, nsenter should be run with CAP_SYS_ADMIN.
In the GNOME launcher we an launch new instances of an application. However, the two instances of the application are in two different namespaces, which confuses the application and wastes system resources.
One way is to implement some listener in the running bwrap process with authentication, and when the user requests to launch something new inside the sandbox, launch it.
PS: This would introduce many complex logic, and IMHO C++ may be a better tool for it.
The text was updated successfully, but these errors were encountered:
bubblewrap
creates namespaces without special privileges, but it can only create new ones. In order to enter those namespaces,nsenter
should be run withCAP_SYS_ADMIN
.In the GNOME launcher we an launch new instances of an application. However, the two instances of the application are in two different namespaces, which confuses the application and wastes system resources.
One way is to implement some listener in the running
bwrap
process with authentication, and when the user requests to launch something new inside the sandbox, launch it.PS: This would introduce many complex logic, and IMHO C++ may be a better tool for it.
The text was updated successfully, but these errors were encountered: