From 86a60c2265627199d74164558f491215a8144a8f Mon Sep 17 00:00:00 2001
From: 1muen <49640488+1muen@users.noreply.github.com>
Date: Mon, 27 Oct 2025 09:49:28 +0100
Subject: [PATCH] Add --new-session to prevent CVE-2017-5226 -- bubblewrap escape via TIOCSTI ioctl

fish ( https://github.com/fish-shell/fish-shell/issues/9605 ) and some other programs might not work because of this sometimes breaking change
---
 wrap.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/wrap.sh b/wrap.sh
index 24530a3..bb55748 100755
--- a/wrap.sh
+++ b/wrap.sh
@@ -374,6 +374,7 @@ for e in "${env_vars[@]}"; do
 done
 exec bwrap \
+ --new-session \ # to prevent CVE-2017-5226 -- bubblewrap escape via TIOCSTI ioctl https://github.com/containers/bubblewrap/issues/142
 --chdir "$bwrap_chdir" \
 --clearenv \
 --dev /dev \
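Review bot: The added `--new-session \` line has a `# …` comment after the backslash, so the backslash no longer ends the line and the `exec bwrap` continuation breaks there. The shell reads `\ ` as an escaped space, so the command ends on this line and the following `--chdir "$bwrap_chdir"`, `--clearenv` and `--dev /dev` options never reach bwrap; depending on the exact spacing (collapsed on this page), the comment words may also be passed as arguments. Move the comment to its own line before `exec bwrap \`, e.g. `# --new-session: prevent CVE-2017-5226 (TIOCSTI escape), https://github.com/containers/bubblewrap/issues/142`, and leave the option as `--new-session \` with nothing after the backslash. The bwrap argument list continues past the end of the hunk, so after the fix it is worth confirming that the sandbox still starts and that the option is in effect.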