Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mstdn.io/users/wolf480pl/statuses/113549454562579463">Wolf480pl (wolf480pl@mstdn.io)'s status on Tuesday, 26-Nov-2024 22:22:32 JST</a><a href="https://mstdn.io/@wolf480pl" title="wolf480pl@mstdn.io"><img src="https://gnusocial.jp/avatar/6007-48-20250211223719.webp" width="48" height="48" alt="Wolf480pl" style="position: absolute; left: 0; top: 0;">Wolf480pl</a><div><a href="https://queer.hacktivis.me/objects/9550058b-08af-4812-86fb-1198046d1f72" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/105501" title="quad@akko.quad.moe">Quad</a></li></ul></div></section><article><p><a href="https://queer.hacktivis.me/users/lanodan">@lanodan</a> <a href="https://akko.quad.moe/users/quad">@quad</a> <br>hmm ok...</p><p>so it can do all the namespace-y privilege-dropy bind-mounty stuff, but it doesn't do anything related to images, you just use existing directories in the filesystem?</p><p>Assuming I'm ok with systemd, is there any reason to use bwrap over systemd's Protect* / RootDirectory / BindPath / etc?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4073425#notice-7959655">In conversation</a><time datetime="2024-11-26T22:22:32+09:00" title="Tuesday, 26-Nov-2024 22:22:32 JST">about 3 months ago</time> <span>from <span><a href="https://mstdn.io/@wolf480pl/113549454562579463" rel="external" title="Sent from mstdn.io via ActivityPub">mstdn.io</a></span></span><a href="https://mstdn.io/@wolf480pl/113549454562579463">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Wolf480pl (wolf480pl@mstdn.io)'s status on Tuesday, 26-Nov-2024 22:22:32 JSTWolf480pl
in reply to
- Haelwenn /элвэн/ :triskell:
- Quad
@lanodan @quad
hmm ok...
so it can do all the namespace-y privilege-dropy bind-mounty stuff, but it doesn't do anything related to images, you just use existing directories in the filesystem?
Assuming I'm ok with systemd, is there any reason to use bwrap over systemd's Protect* / RootDirectory / BindPath / etc?
In conversationabout 3 months ago from mstdn.iopermalink

Public

Embed Notice

HTML Code

Corresponding Notice