I want to sandbox things like Steam, Discord and even firefox and I see bubblwrap getting recommended a lot as the preferred sandboxing tool but I’m hardpressed on how to actually use it. I don’t know what to enable and what not to.
PS. Please don’t recommend Flatpak, I’m aware Flatpak uses bwrap but I want to avoid Flatpak unless absolute necessary. I don’t have anything against Flatpak, just personal preference :D.
From what I understand, bubblewrap is supposed be configured by passing flags from the command line. It seems that the way to “configure” bubblewrap is to create wrapper scripts. For example make
/usr/local/bin
with the following contents#!/usr/bin/bash bwrap --flags-and "arguments" steam
As it’s not very practical to figure out a good sandbox from scratch for each and every program you use, you probably want to find scripts from other users or tools that build on top of bubblewrap and are bundled with profiles. The wiki article has examples of both.
I see. So where can I find such scripts? I want to sandbox Steam, Discord and Firefox.
I don’t use it so I don’t have first-hand experience. Like I said, the wiki has some examples and links for reference.
FYI firejail comes with bundled configs for the three apps you mentioned among others. It should play with little or zero tinkering. Maybe give firejail a try if you find bubblewrap hard to setup.