Releases: containers/bubblewrap

Release 0.11.2

@alexlarsson alexlarsson released this 23 Apr 08:24
v0.11.2

This is a security update for CVE-2026-41163, which affects any system using bubblewrap 0.11.x using a setuid bubblewrap. Anyone using this should update to this release (or stop using setuid mode).

This release deprecates the support for setuid bubblewrap, and later versions of bubblewrap will no longer support it.

Bug fixes:

  • In setuid mode, don't run the low-privileged parts of the setup
    as dumpable, as that allows them to be ptraced, which can lead to problems.
    This is CVE-2026-41163, and was reported by François Diakhate.

Enhancements:

  • New build option -Dsupport_setuid, which if set to false (which
    is the default) disables the support for setuid. Binaries built
    with this will refuse to run if made setuid. We recommend building
    normal bubblewrap binaries like this, which allows you to safely
    ignore any security issues that only affect setuid mode.

0.11.1

@smcv smcv released this 21 Mar 18:09

Bug fixes:

  • Reset disposition of SIGCHLD, restoring normal subprocess management if bwrap was run from a process that was ignoring that signal, such as Erlang or volumeicon (#705, Joel Pelaez Jorge)

  • Don't ignore --userns 0, --userns2 0 or --pidns 0 if used (#731, Daniel Cazares). Note that using a fd number ≥ 3 for these purposes is still preferred, to avoid confusion with the stdin, stdout, stderr that will be inherited by the command inside the container.

  • Fix grammar in an error message (#694, J. Neuschäfer)

  • Fix a broken link in the documentation (#729, Aaron Brooks)

Internal changes:

  • Enable user namespaces in GitHub Actions configuration, fixing a CI regression with newer Ubuntu (#728, Joel Pelaez Jorge)

  • Clarify comments (#737, Simon McVittie)

c1b7455a1283b1295879a46d5f001dfd088c0bb0f238abb5e128b3583a246f71 *bubblewrap-0.11.1.tar.xz

0.11.0

@smcv smcv released this 30 Oct 16:28

Released: 2024-10-30

Dependencies:

  • Remove the Autotools build system. Meson ≥ 0.49.0 is now required at build-time. (#625, @WhyNotHugo)

  • For users of bash-completion, bash-completion ≥ 2.10 is recommended. With older bash-completion, bubblewrap might install completions outside its ${prefix} unless overridden with -Dbash_completion_dir=….

Enhancements:

  • New --overlay, --tmp-overlay, --ro-overlay and --overlay-src options allow creation of overlay mounts. This feature is not available when bubblewrap is installed setuid. (#412, #663; @rhendric, @wmanley, @smcv)

  • New --level-prefix option produces output that can be parsed by tools like logger --prio-prefix and systemd-cat --level-prefix=1 (#646, @smcv)

Bug fixes:

  • Handle EINTR when doing I/O on files or sockets (#657, @smcv)

  • Don't make assumptions about alignment of socket control message data (#637, @smcv)

  • Silence some Meson deprecation warnings (#647, @sertonix)

  • Update URLs in documentation to https (#566, @TotalCaesar659)

  • Improve tests' compatibility with busybox (#627, @sertonix)

  • Improve compatibility with Meson < 1.3.0 (#664, @smcv)

Internal changes:

  • Consistently use <stdbool.h> for booleans (#660, @smcv)

  • Avoid -Wshadow compiler warnings (#661, @smcv)

  • Update GitHub Actions configuration (#658, @smcv)

988fd6b232dafa04b8b8198723efeaccdb3c6aa9c1c7936219d5791a8b7a8646 *bubblewrap-0.11.0.tar.xz

0.10.0

@smcv smcv released this 14 Aug 15:48

New features:

  • Add the --[ro-]bind-fd option, which can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks. This is needed when resolving CVE-2024-42472 (GHSA-7hgv-f2j8-xw87) in Flatpak.

Other changes:

  • Fix some confusing syntax in SetupOpFlag (no functional change). (#636)

0.6.3

@smcv smcv released this 14 Aug 15:47

This release is intended to be used as part of Flatpak 1.14.x. If possible, please upgrade to 0.10.0 or later instead.

  • Backport the --[ro-]bind-fd option from 0.10.0. This can be used to mount a filesystem represented by a file descriptor without time-of-check/time-of-use attacks, and is needed when resolving CVE-2024-42472 (GHSA-7hgv-f2j8-xw87) in Flatpak.

d8cab8943a36cd1bc1b8c63596c6ef6b29b12883d90ed9b14a969795ac60ddef  bubblewrap-0.6.3.tar.xz

0.9.0

@smcv smcv released this 26 Mar 21:50

Build system

  • Building this version of bubblewrap with Meson is recommended. The source release bubblewrap-0.9.0.tar.xz no longer contains Autotools-generated files, although this version can still be built using Autotools after running ./autogen.sh. Future versions are likely to remove the Autotools build system altogether.

New features

  • Add --argv0 (#91)

Bug fixes

  • Fix a double-close on error reading from --args, --seccomp or --add-seccomp-fd argument (#558)
  • Improve memory allocation behaviour (#556, #624)
  • Silence various compiler warnings (#559)
  • Silence an Automake warning (#622)
  • Fix a test failure when running as uid 0 in a container (#488)
  • Fix a test failure when /mnt is a symlink (#599)
  • Fix a test failure on NixOS (#603)

c6347eaced49ac0141996f46bba3b089e5e6ea4408bc1c43bab9f2d05dd094e1 *bubblewrap-0.9.0.tar.xz

0.8.0

@smcv smcv released this 27 Feb 13:44

New features:

  • Add --disable-userns option to prevent the sandbox from creating its own nested user namespace (#488)
  • Add --assert-userns-disabled option to check that an existing userns was created with --disable-userns (#488)
  • Give a clearer error message if the kernel doesn't have CONFIG_SECCOMP and CONFIG_SECCOMP_FILTER (#550)

Bug fixes:

  • Fix test failure with recent versions of capsh (#544)
  • Fix test failure since 0.7.0 when not using post-2013 GNU coreutils (#539)
  • Fix test failure since 0.7.0 if bubblewrap is setuid (#539)

Known issues:

  • Tests fail if run as root (#554)

$ sha256sum -b bubblewrap-0.8.0.tar.xz
957ad1149db9033db88e988b12bcebe349a445e1efc8a9b59ad2939a113d333a *bubblewrap-0.8.0.tar.xz

v0.7.0

@smcv smcv released this 07 Nov 18:10

New features:

  • --size option controls the size of a subsequent --tmpfs (#509)
  • Better error messages if a mount operation fails (#472)
  • Better error message if creating the new user namespace fails with ENOSPC (#487)
  • When building as a Meson subproject, a RUNPATH can be set on the executable to make it easier to bundle its libcap dependency

Bug fixes:

  • When building with Autotools, ensure initial setup for pkg-config is not disabled by --with-bash-completion-dir=PATH (#316, #342, #441)
  • Fix test failures when running as uid 0 but with limited capabilities (#510)
  • Use POSIX command -v in preference to non-standard which (#527)
  • Fix a copy/paste error in --help (#531)

$ sha256sum -b bubblewrap-0.7.0.tar.xz
764ab7100bd037ea53d440d362e099d7a425966bc62d1f00ab26b8fbb882a9dc *bubblewrap-0.7.0.tar.xz

0.6.2

@smcv smcv released this 11 May 14:27

New features in Meson build:

  • Auto-detect whether the man page can be generated
  • -Dbwrapdir=... changes the installation directory (useful when being used as a subproject)
  • -Dtests=false disables unit tests

Bug fixes:

  • Add --add-seccomp-fd to shell completions
  • Document --add-seccomp-fd, --json-status-fd and --share-net in the man page
  • Add attributes to silence various compiler warnings
  • Allow compilation of tests with musl on mips architectures
  • Allow compilation with older glibc
  • Disable sanitizers for a test helper whose seccomp profile breaks the instrumentation
  • Disable AddressSanitizer leak detection where it interferes with unit testing

$ sha256sum -b bubblewrap-0.6.2.tar.xz
8a0ec802d1b3e956c5bb0a40a81c9ce0b055a31bf30a8efa547433603b8af20b *bubblewrap-0.6.2.tar.xz

0.6.1

@smcv smcv released this 25 Feb 17:53

Bug fixes:

  • Fix bwrap --version when built with Meson (#477)
  • Don't install zsh completion as executable when built with Meson

$ sha256sum -b bubblewrap-0.6.1.tar.xz
9609c7dc162bc68abc29abfab566934fdca37520a15ed01b675adcf3a4303282 *bubblewrap-0.6.1.tar.xz