What does HackerNews think of bubblejail?
Bubblewrap based sandboxing for desktop applications
Language: Python
Also of interest is https://github.com/igo95862/bubblejail, a less low-level program on top of bubblewrap.
I am developing a sandbox project for Linux desktop applications called bubblejail:
https://github.com/igo95862/bubblejail
In the next, not-yet-released version 0.8.0 there will be a new option to disable a specific namespace type per sandbox. For example, disabling the network namespace would prevent this exploit.
This is more flexible than globally disabling all user namespaces, as some programs might use other, more harmless namespaces, like Steam uses mount namespaces to set up runtime libraries.
Please do not use firejail. See this issue page: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12635
Bubblejail is an acceptable alternative: https://github.com/igo95862/bubblejail