[HN Gopher] Bubblewrap - Low-level unprivileged sandboxing tool ...
___________________________________________________________________

Bubblewrap - Low-level unprivileged sandboxing tool used by Flatpak

Author : TheFreim
Score  : 39 points
Date   : 2023-07-11 18:46 UTC (4 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| yjftsjthsd-h wrote:
| Also of interest is https://github.com/igo95862/bubblejail , a
| less low level program on top of bubblewrap.

| jauntywundrkind wrote:
| Fwiw, this was mentioned in the _NixOS and my descent into
| insanity_ submission yesterday, as its underlying util _bwrap_,
| as a possible tool to help the blogger get NixOS running on
| their campus computers.
| https://news.ycombinator.com/item?id=36668363
|
| The org maintaining this maintains a bunch of other very high
| profile containerization/isolation tools: podman container
| runtime, buildah container builder, skopeo container registry
| multitool, conmon-rs container monitor, podman desktop gui, youki
| container runtime, and maintaining the standard reference impl of
| a bunch of OCI specs (storage, image). There's no higher profile
| place this work could come from, imo.

| formerly_proven wrote:
| > The org maintaining this maintains
|
| (That org being mostly Red Hat)

| nextos wrote:
| It's actually annoying NixOS doesn't offer good default
| sandboxing. Sandboxing should appeal to the Nix crowd, but
| somehow it's not been integrated yet. AFAIK, GuixSD is working
| on sandboxing.
|
| In general, sandboxing is pretty important and an area where
| Linux distributions are falling behind macOS and mobile.

| yjftsjthsd-h wrote:
| NixOS supports firejail - https://nixos.wiki/wiki/Firejail

| nextos wrote:
| It does, but it is far from seamless / widely used. It is a
| little bit more than firejail packed for NixOS.

___________________________________________________________________
(page generated 2023-07-11 23:01 UTC)