On 11/23/25 01:38, Demi Marie Obenour wrote:
> I'm trying to get minijail0 to work without bind-mounting /, and I'm
> running into lots of problems. So far:
>
> - Unprivileged user namespaces fail due to -EPERM in a mount syscall.
>
> - Mounting a tmpfs over / always causes the program to be executed
>   to not be found.
>
> - `sudo ./minijail0.sh -v --profile=minimalistic-mountns /bin/ls`
>   works, but doesn't actually do any sandboxing as it bind-mounts `/`.
>
> Are there examples of how to use minijail0 properly? Alternatively,
> can I use it purely for seccomp and Landlock, and use bubblewrap to
> handle namespacing?

Forwarding to minijail mailing list. The first message was rejected
for some reason.
--
Sincerely,
Demi Marie Obenour (she/her/hers)