I want to sandbox things like Steam, Discord and even Firefox, and I see bubblewrap getting recommended a lot as the preferred sandboxing tool, but I’m hard-pressed on how to actually use it. I don’t know what to enable and what not to.
PS. Please don’t recommend Flatpak. I’m aware Flatpak uses bwrap, but I want to avoid Flatpak unless absolutely necessary. I don’t have anything against Flatpak, just personal preference :D.
How do I use this btw? I pasted this on an executable and it says `Permission Denied`.

It’s a shell script, right? Save the text as a `<FILE>`, `chmod +x <FILE>`, `./<FILE>`.
You might not have `zsh`, in which case you need to replace shebang (`#!/bin/zsh`) with bash and fix what breaks (IIRC you can’t quite do a printf like that in bash).
It works by constructing an array of argument strings — which you can see with `echo $bwopt` — and printing it, concatenated using `\0` as a separator. It’s printed to a file descriptor, open as fd 9 in the child process. Alternatively, you can just give `bwrap` those arguments directly (`bwrap $bwopt`).
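
The mechanism the last reply describes, as an added bash example that is not the script discussed in the thread: an array of bwrap options is printed NUL-separated to fd 9 and read by bwrap through its `--args` option. The option set, the merged-/usr layout and the `SANDBOX_HOME` path are assumptions; graphical applications need further binds (display and audio sockets, fonts, certificates) that depend on the system.

```bash
#!/bin/bash
# Added example: build bwrap options as an array and hand them to bwrap
# NUL-separated on fd 9 (bwrap --args 9). All paths below are assumptions.
SANDBOX_HOME="${SANDBOX_HOME:-$HOME/.sandbox/app}"   # hypothetical per-app home

build_bwopt() {
    bwopt=(
        --unshare-all            # new user (if possible), ipc, pid, net, uts, cgroup namespaces
        --share-net              # ...but keep the host network (browser, chat client)
        --die-with-parent        # kill the sandbox if this script dies
        --new-session            # setsid(): the sandbox cannot inject input into the terminal
        --ro-bind /usr /usr      # system files, read-only
        --symlink usr/bin /bin   # assumes a merged-/usr distribution
        --symlink usr/lib /lib
        --symlink usr/lib64 /lib64
        --ro-bind /etc/resolv.conf /etc/resolv.conf
        --proc /proc
        --dev /dev               # fresh minimal /dev, not the host's device nodes
        --tmpfs /tmp
        --bind "$SANDBOX_HOME" "$HOME"   # the app sees only its own home directory
        --chdir "$HOME"
    )
}

# Serialise the array the way --args expects: every element followed by a NUL.
emit_bwopt() {
    printf '%s\0' "${bwopt[@]}"
}

run_sandboxed() {
    build_bwopt
    mkdir -p "$SANDBOX_HOME"
    # fd 9 is opened only for bwrap; stdin stays attached to the terminal.
    bwrap --args 9 "$@" 9< <(emit_bwopt)
}

# Usage: ./sandbox.sh firefox   (with no arguments only the functions are defined)
if [ "$#" -gt 0 ]; then
    run_sandboxed "$@"
fi
```

Quoting the array as `"${bwopt[@]}"` keeps each option and path a single argument even when it contains spaces; the same array can be passed directly as `bwrap "${bwopt[@]}" firefox`.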