
Sandboxing all the things with Flatpak and BubbleBox


A few years ago, I blogged about my approach to sandboxing less-trusted applications that I have to or want to run on my main machine. The approach has changed since then, so it is tim...

bubblewrap provides a very convenient solution: it can start an application in its own private filesystem namespace with full control over which part of the host file system is accessible from inside the sandbox. I wrote a small wrapper around bubblewrap to make this configuration a bit more convenient to write and manage; this project is called BubbleBox. Both of these components came out of the Flatpak project, but the authors realized that they could be independently useful, so in best Unix tradition they turned them into tools that provide all the required mechanism without hard-coding any sort of policy.
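The filesystem control described above can be sketched as a small policy-to-command-line builder. This is an added example, not code from bubblewrap, BubbleBox or the original post; the function name `build_bwrap_argv` and the sample paths are assumptions made for illustration.

```python
import os
import shlex

# Fresh namespaces, private /proc, /dev and /tmp; nothing from the host yet.
BASE = ["bwrap", "--unshare-all", "--die-with-parent", "--new-session",
        "--proc", "/proc", "--dev", "/dev", "--tmpfs", "/tmp"]

def _depth(path):
    return len([part for part in path.split("/") if part])

def build_bwrap_argv(command, ro_paths=(), rw_paths=(), share_net=False):
    """Build a bwrap argv that exposes only the listed host paths."""
    if not command or command[0].startswith("-"):
        raise ValueError("command must be a non-empty argv, not an option")
    argv = list(BASE)
    if share_net:
        # Has to come after --unshare-all, which it partially overrides.
        argv.append("--share-net")
    mounts = {}
    for flag, paths in (("--ro-bind", ro_paths), ("--bind", rw_paths)):
        for raw in paths:
            if not os.path.isabs(raw):
                raise ValueError(f"host path must be absolute: {raw!r}")
            # Normalise so "/a/../.." or "//" cannot sneak the root through.
            path = "/" + os.path.normpath(raw).lstrip("/")
            if flag == "--bind" and path == "/":
                raise ValueError("refusing a writable bind of the host root")
            mounts[path] = flag  # a path listed in both sets ends up writable
    # bwrap applies mount operations in order, so a parent bound after its
    # child would cover the child's mount. Emit parents first.
    for path in sorted(mounts, key=lambda p: (_depth(p), p)):
        argv += [mounts[path], path, path]
    return argv + list(command)

if __name__ == "__main__":
    # Constructed sample policy: read-only system and home, one writable dir.
    print(shlex.join(build_bwrap_argv(
        ["/usr/bin/some-app"],
        ro_paths=["/usr", "/etc", "/home/user"],
        rw_paths=["/home/user/project"])))
```

Anything not named in the policy simply does not exist inside the sandbox, which is the property the paragraph above relies on.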
