system/bubblewrap: Added (unprivileged sandboxing tool).

Signed-off-by: David Spencer <idlemoor@slackbuilds.org>
author: Vincent Batts <vbatts@hashbangbash.com> 2017-01-19 19:52:19 +0000
committer: Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2017-01-21 07:04:33 +0700
commit: 09274966f0145448d7edba4859b5dd55a9ce19ee (patch)
tree: 998755e6d108a352b9d1919b1d17bca8e641fa71 /system/bubblewrap/README
parent: 6eb36ac506615cd1b5ae8f13cc99b529157f6be5 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/system/bubblewrap/README b/system/bubblewrap/README
new file mode 100644
index 000000000000..279bc9034d17
--- /dev/null
+++ b/system/bubblewrap/README
@@ -0,0 +1,8 @@
+Bubblewrap
+
+Many container runtime tools like systemd-nspawn, docker, etc. focus on
+providing infrastructure for system administrators and orchestration tools
+(e.g. Kubernetes) to run containers.
+
+These tools are not suitable to give to unprivileged users, because it is
+trivial to turn such access into to a fully privileged root shell on the host.
author	Vincent Batts <vbatts@hashbangbash.com>	2017-01-19 19:52:19 +0000
committer	Willy Sudiarto Raharjo <willysr@slackbuilds.org>	2017-01-21 07:04:33 +0700
commit	09274966f0145448d7edba4859b5dd55a9ce19ee (patch)
tree	998755e6d108a352b9d1919b1d17bca8e641fa71 /system/bubblewrap/README
parent	6eb36ac506615cd1b5ae8f13cc99b529157f6be5 (diff)