CI/CD Week Day 2! Security is key! Running directly on the host (bareMetal) is fast, but system admins need control over what processes run.
Enter Executor 2: bwrap (bubblewrap). This creates a very light container/sandbox, similar to what Flatpak uses!
You get the same execution capability (e.g., running `echo "hello" > README.md`), but in a confined, isolated way. It's the best of both worlds: speed and security!
Ready for the executor that lets you run any process? Follow me for tomorrow's reveal! 馃惓
#CICD #DevOps #Bubblewrap #Security #Containers
Stefano Marinelli
boosted
馃П First real sandboxing arrives on #NetBSD!
A GSoC 2025 project brings Linux-style namespaces (UTS + mount) to the kernel, paving the way for real isolation.
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing
#Bubblewrap #BSD #Security
馃П First real sandboxing arrives on #NetBSD!
A GSoC 2025 project brings Linux-style namespaces (UTS + mount) to the kernel, paving the way for real isolation.
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing
#Bubblewrap #BSD #Security
Using bubblewrap to add sandboxing to NetBSD
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing
#HackerNews #bubblewrap #NetBSD #sandboxing #GSoC2025 #security #technology