I want to sandbox things like Steam, Discord and even firefox and I see bubblwrap getting recommended a lot as the preferred sandboxing tool but I’m hardpressed on how to actually use it. I don’t know what to enable and what not to.

PS. Please don’t recommend Flatpak, I’m aware Flatpak uses bwrap but I want to avoid Flatpak unless absolute necessary. I don’t have anything against Flatpak, just personal preference :D.

  • 𝖕𝖘𝖊𝖚𝖉
    link
    English
    11 year ago

    It’s a shell script, right? Save the text as a <FILE>, chmod +x <FILE>, ./<FILE>.

    You might not have zsh, in which case you need to replace shebang (#!/bin/zsh) with bash and fix what breaks (IIRC you can’t quite do a printf like that in bash).

    It works by constructing an array of argument strings — which you can see with echo $bwopt — and printing it, concatenated using \0 as a separator. It’s printed to a file descriptor, open as fd 9 in the child process. Alternatively, you can just give bwrap those arguments directly (bwrap $bwopt).