From 53c43dc3b5d4ed166fed9e01dbdb0874497f88b3 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 29 Apr 2026 12:56:33 +0200 Subject: [PATCH 1/5] README.md: Fix a typo Fix a typo introduced when rewording the documentation in commit d9f35ab ("README: Update the user namespace / setuid section", 2026-04-14) Signed-off-by: Antonio Ospite --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1b365ed6..18d0becf 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ on the host. User namespaces --------------- -There is an feature in the Linux kernel called +There is a feature in the Linux kernel called [user namespaces](https://www.google.com/search?q=user+namespaces+site%3Ahttps%3A%2F%2Flwn.net) which allows unprivileged users to use container features. Bubblewrap uses these to build the sandbox, allowing any user to use the tool. From 494033a525111396eb2ff514b38d1ea873b4e040 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 29 Apr 2026 17:52:11 +0200 Subject: [PATCH 2/5] bwrap.xml: Fix a typo The 'u' in "unprivileged" really sounds like a vowel, so use "an". Signed-off-by: Antonio Ospite --- bwrap.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bwrap.xml b/bwrap.xml index a9912e32..61fb0445 100644 --- a/bwrap.xml +++ b/bwrap.xml @@ -42,7 +42,7 @@ Description - bwrap is a unprivileged low-level sandboxing tool. You + bwrap is an unprivileged low-level sandboxing tool. You are unlikely to use it directly from the commandline, although that is possible. From 9c9fa2641be532969edb4a6833d9931c57c9e4e7 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 29 Apr 2026 15:14:02 +0200 Subject: [PATCH 3/5] utils: Adjust wording in a comment This also removes a typo: "an process". Signed-off-by: Antonio Ospite --- utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils.c b/utils.c index 7b7349ab..55a7f5b1 100644 --- a/utils.c +++ b/utils.c @@ -137,7 +137,7 @@ fork_intermediate_child (void) if (pid == -1) die_with_error ("Can't fork for --pidns"); - /* Parent is an process not needed */ + /* The parent process is not needed */ if (pid != 0) exit (0); } From 4b19d5657e4a447215fd6ae05855485c00d0cbb2 Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 29 Apr 2026 15:14:35 +0200 Subject: [PATCH 4/5] bubblewrap: Adjust wording in a comment Adjust wording in one of the comment, to read more clearly. Consider the previous wording: "... a problem if we're privileged, if we're not opt_unshare_user ..." it might sound like the "not" refers to `opt_unshare_user`, while in fact refers to "being privileged" from the previous sentence. Adding a "then" removes the ambiguity, making the message flow better, especially for non-native English readers. Signed-off-by: Antonio Ospite --- bubblewrap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bubblewrap.c b/bubblewrap.c index e05f6971..a0840601 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -2674,8 +2674,8 @@ main (int argc, } /* Debian lets you disable *unprivileged* user namespaces. However this is not - a problem if we're privileged, and if we're not opt_unshare_user is true - already, and there is not much we can do, its just a non-working setup. */ + a problem if we're privileged, and if we're not then opt_unshare_user is true + already, and there is not much we can do, it's just a non-working setup. */ if (!disabled) opt_unshare_user = true; From c1d6ac1c7af0763b9c571998869b3c13cd63b32c Mon Sep 17 00:00:00 2001 From: Antonio Ospite Date: Wed, 29 Apr 2026 15:12:30 +0200 Subject: [PATCH 5/5] bubblewrap: Fix wording in die() messages Use more correct wording in some die() messages. While at it remove a double space in one of the messages. Signed-off-by: Antonio Ospite --- bubblewrap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bubblewrap.c b/bubblewrap.c index a0840601..2fb926c4 100644 --- a/bubblewrap.c +++ b/bubblewrap.c @@ -2635,16 +2635,16 @@ main (int argc, die ("--userns-block-fd requires --info-fd"); if (opt_userns_fd != -1 && opt_unshare_user) - die ("--userns not compatible --unshare-user"); + die ("--userns is not compatible with --unshare-user"); if (opt_userns_fd != -1 && opt_unshare_user_try) - die ("--userns not compatible --unshare-user-try"); + die ("--userns is not compatible with --unshare-user-try"); if (opt_disable_userns && !opt_unshare_user) die ("--disable-userns requires --unshare-user"); if (opt_disable_userns && opt_userns_block_fd != -1) - die ("--disable-userns is not compatible with --userns-block-fd"); + die ("--disable-userns is not compatible with --userns-block-fd"); /* We have to do this if we we're not root, so let's just DWIM */ if (getuid () != 0 && opt_userns_fd == -1)