According to PEP 394, the python command is meant to be Python 2
until at least 2020, so in practice this script will be run with
Python 2 for now (except on Arch Linux); but it seems good to be
more future-proof.

In Python 3, os.write() takes a bytestring (bytes object), not a
text string (str/unicode object). In Python 2 ≥ 2.6, the b'' syntax
is supported and gives a str object, because that was a bytestring
in Python 2; either way, b'1' is an acceptable argument to os.write().

In Python ≥ 3.4, the result of os.pipe() is close-on-exec
(non-inheritable) by default, so undo that where needed.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #246
Approved by: giuseppe
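
The close-on-exec default described in the commit message above, as an added example (not code from the bubblewrap repository): a parent creates a pipe, writes `b"1"` to it, and a child Python process tries to read the read end by fd number. The function name, the mode names and the child script are assumptions made for illustration; `pass_fds` is included as a narrower alternative to clearing the flag on the parent's descriptor.

```python
import os
import subprocess
import sys

# Child process: try to read one byte from the fd number passed in argv[1].
CHILD = r"""
import errno, os, sys
fd = int(sys.argv[1])
try:
    sys.stdout.write("read:" + os.read(fd, 1).decode("ascii"))
except OSError as e:
    sys.stdout.write("error:" + errno.errorcode[e.errno])
"""


def child_sees_pipe(mode):
    """Spawn a child that reads the pipe's read end; return what it reports.

    mode (hypothetical names): "default", "set_inheritable" or "pass_fds".
    """
    r, w = os.pipe()  # Python >= 3.4: both ends are close-on-exec
    kwargs = {"close_fds": False}  # rely only on the per-fd inheritable flag
    if mode == "set_inheritable":
        # Undo close-on-exec: any child exec'd without fd cleanup inherits r.
        os.set_inheritable(r, True)
    elif mode == "pass_fds":
        # Narrower: only this child gets r, the parent's flag is untouched.
        kwargs = {"pass_fds": (r,)}
    try:
        proc = subprocess.Popen(
            [sys.executable, "-c", CHILD, str(r)],
            stdout=subprocess.PIPE, **kwargs)
        os.write(w, b"1")  # bytes in Python 3; b"1" is a str in Python 2
        out, _ = proc.communicate()
    finally:
        os.close(r)
        os.close(w)
    return out.decode("ascii")


if __name__ == "__main__":
    for mode in ("default", "set_inheritable", "pass_fds"):
        print(mode, "->", child_sees_pipe(mode))
```
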
This means we can use it with an installed bwrap, which seems a more
common use of a demo script than a just-compiled bwrap, and is
consistent with the shell scripts.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #246
Approved by: giuseppe

On systems without the /usr merge, it's almost certainly in /usr,
so this script would have failed.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #246
Approved by: giuseppe

As I said in the release notes, I think the majority of use cases want this,
which includes this interactive shell.

Closes: #189
Approved by: alexlarsson

In discussion in https://github.com/projectatomic/bubblewrap/pull/150
it was noted that most of the bwrap command line tends towards "closed
by default, request open". But the `--unshare` options are inverse.

Now, I suspect in practice there's only one namespace that most users
will care about, which is the network namespace. There are very useful
programs to build on both cases.

I think everything else (pid, ipc, uts) people will want as a group.
Any cases that are unusual enough to want to turn one of them off
can still fall back to the previous bwrap behavior of explicitly
unsharing. They're likely to be security sensitive enough
that if a new namespace were added, it would make sense to evaluate
the tool.

But again I think most users will want all namespaces, with the network one as a
primary "enable it" option.

Closes: #153
Approved by: alexlarsson

I was working on rpm-ostree's use of bwrap and realized we weren't setting up
/var/tmp. I think this should be a best practice for app compatibility.

I also took the opportunity to expand the docs a bit, and overriding PS1 helps
users know they're in the container shell.

Closes: #137
Approved by: alexlarsson