What does HackerNews think of bubblejail?

Bubblewrap based sandboxing for desktop applications

Language: Python

Bubblewrap – Low-level unprivileged sandboxing tool used by Flatpak | Jul 2023
Also of interest is https://github.com/igo95862/bubblejail , a less low level program on top of bubblewrap.
Linux kernel use-after-free in Netfilter, local privilege escalation | May 2023
I am developing a sandbox project for Linux desktop applications called bubblejail:

https://github.com/igo95862/bubblejail

In the next not yet released version 0.8.0 there will be a new option to disable a specific namespace type per sandbox. For example, disabling the network namespace would prevent this exploit.

This is more flexible than globally disabling all user namespaces as some programs might use other more harmless namespaces like Steam uses mount namespaces to setup runtime libraries.

Breaking all macOS security layers with a single vulnerability | Aug 2022
Expand Context ↕
Please do not use firejail. See this issue page: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12635

Bubblejail is an acceptable alternative https://github.com/igo95862/bubblejail