https://github.com/containers/bubblewrap
It's the base for Flatpack, the thing that makes Flatpack be sandboxed.
I use it to run Claude Code / Codex / Gemini CLI, to make sure that they have a limited / fake view of my system.
You can bind directories into it, or overlay them into it, restrict other kinds of access.
If Docker is a thing in a scale between a VM and your OS, Bubblewrap is a thing a scale between Docker and your OS. You use your OS, instead of installing and managing an OS like you do with Docker, but you get filesystem and process isolation like with Docker.
Though I had an issue where I cannot use `--new-session`, which is kind of dangerous to not use, but you can get around it if you use seccomp to block ioctl calls, and ptrace.
How do you know what permissions are required by an application, to write a bubblewrap script?
In AppArmor, you exercise the application and aa-logprof suggests permissions requested by application. If you know AppArmor, usually you can refine those suggestions and write a profile. It may not be ideal, as aa-logprof’s permissions are multiple choice suggestions, require user knowledge and may be too broad or specific, but it could work. You will see that there are many and all kinds of permissions, and there is no way that you will be able to guess them without aa-logprof.
What is the equivalent of aa-logprof in bubblewrap and how do you find the required permissions?
https://github.com/strongdm/leash
It even has a --darwin macOS-native mode which goes beyond the capabilities and guarantees of sandbox-exec and bubblewrap.
Full-disclosure: I am one of the authors.
https://hanako.codeberg.page/ (Flatpak is not a sandbox)
Moreover it vendores patched gcc compiler, so the entire toolchain is reproducible too as well.
How cool is that?! For the record golang brings it further - its entire package registry containing +40mln packages is bit by bit reproducible.
The biggest issue is with Linux Kernel itself. Once kernel reproducibility will be handled, we can practically claim Guix, NixOS, Debian or any other Linux distro is reproducible as well, since with little effort we can avoid installing packages which will colour our reproducibility.
For desktop environments it’s a bit worse, but there are huge efforts to make this happen for all packages in package registries of aforementioned distros.
Freebsd seems like an amazing project too.
I am always confused tho by what is the actual difference b/w freebsd,netbsd,openbsd as I feel like freebsd is taking a lot of positive ideas from both netbsd and openbsd or independently building them.
I might want to play with freebsd one day but I feel like it might have limited software or I might need to compile a lot of things as compared to archlinux or even debian etc.
This allows independent people to check that provided binaries don't contain malicious stuff for instance. Ultimately, it lets you download binaries instead of rebuilding everything yourself locally if the binaries have been independently reproduced.
You might be interested in checking:
bwrap --dev-bind /dev /dev --tmpfs /tmp -- labwc
bwrap --dev-bind /dev /dev --tmpfs /tmp -- kwin_wayland konsole
bwrap --dev-bind /dev /dev --tmpfs /tmp -- startplasma-wayland
That's obviously super permissive, but from there can take things away to expose as much or little of the host system as needed.
For my system I'm working on making a few bwrapped "zones". E.g. start a terminal that can see a certain subset of files, and can configure whether it should use gpu or not, have internet or not, have access to local network or not, etc. A bit more project/environment focused than bwrapping programs one by one.
But firejail needs root privilege, so there are arguments that it may actually reduce the security, because even though it sandboxes some applications, non-privilege processes may gain privilege if there is a flaw in the fire jail itself.
Firejail is also criticized for complexity.
A lot of focus in flatpak sadly gets focused on guis and not clis
Like how much efforts would it take to convert a golang static binary/project cli to flatpak?