A quick look at unprivileged sandboxing


2025-07-13

Disclaimer: This is to the best of my knowledge. It's a complicated topic, there are tons of options, and this only covers a tiny fraction of this topic anyway.

Both pledge() and unveil() are used in OpenBSD's base system in a lot of places, all the way down to tools like ps or tee. In essence, if unprivileged sandboxing was as complicated as this, I, personally, would only use it in very specific scenarios where it's absolutely needed. To write the following program, I studied the output of strace bwrap ... and also read some of Bubblewrap's source code.
