A package manager which facilitates Arch-based bubblewrap containers.
assets Decluttered and splintered build scripts, some organization and readmes 2023-12-23 23:10:55 -05:00
bin Updated creation code with new --dep parameter. 2023-11-29 14:45:42 -05:00
dist Redundant 2023-12-23 20:00:47 -05:00
docs Applied 1c7f48dd81 2023-11-17 01:11:58 -05:00
pacwrap Decluttered and splintered build scripts, some organization and readmes 2023-12-23 23:10:55 -05:00
pacwrap-agent Decluttered and splintered build scripts, some organization and readmes 2023-12-23 23:10:55 -05:00
pacwrap-core Decluttered and splintered build scripts, some organization and readmes 2023-12-23 23:10:55 -05:00
.gitignore Initial commit of .gitignore 2023-11-16 01:14:04 -05:00
Cargo.lock Release 0.4.4 2023-10-29 16:01:23 -04:00
Cargo.toml Initial commit workspace Cargo.toml 2023-11-16 23:36:36 -05:00
LICENSE LICENSE file 2023-10-29 15:34:12 -04:00
makefile Updated makefile to remove deprecated scripting 2023-10-25 01:01:42 -04:00
README.md Decluttered and splintered build scripts, some organization and readmes 2023-12-23 23:10:55 -05:00

pacwrap

A package management front-end which utilises libalpm to facilitate the creation of unprivileged, userspace containers with parallelised, filesystem-agnostic deduplication. Sandboxing of unprivileged namespace containers is provided via bubblewrap to execute package transactions and launch applications inside of these containers.

This application is designed to allow for the creation and execution of secure, replicable containerised environments for general-purpose use. CLI and GUI applications are all supported*. Once a container environment is configured, it can be re-established or replicated on any system.

The goal of this project is to provide a distribution-backed alternative to Flatpak with easily configurable security parameters.

* Some CLI-based applications, such as ncspot, require disabling termios isolation. This could allow an attacker to take over the terminal and thus break out of the container.

Example usage

To create a container, execute the following command:

$ pacwrap -Syucb --target=base

Then to launch a shell inside of this container to configure it:

$ pacwrap -Es base

And then finally, to install neovim inside of a fresh, replicable, root container:

$ pacwrap -Syucr --target=neovim neovim --target=base

More advanced examples, along with further documentation of configuration, can be found here.

Manual

An online version of the user manual is viewable here.

Build requirements

Rust 1.72 or later is required, along with the base-devel and repose packages from Arch Linux's repositories.

Distribution support

Currently, only Arch Linux is supported in containers, as package management is facilitated by libalpm. However, this package should be distribution agnostic, so it should be possible to use on non-Arch-based distributions.