I want to sandbox things like Steam, Discord and even firefox and I see bubblwrap getting recommended a lot as the preferred sandboxing tool but I’m hardpressed on how to actually use it. I don’t know what to enable and what not to.
PS. Please don’t recommend Flatpak, I’m aware Flatpak uses bwrap but I want to avoid Flatpak unless absolute necessary. I don’t have anything against Flatpak, just personal preference :D.
It’s a shell script, right? Save the text as a
<FILE>
,chmod +x <FILE>
,./<FILE>
.You might not have
zsh
, in which case you need to replace shebang (#!/bin/zsh
) with bash and fix what breaks (IIRC you can’t quite do a printf like that in bash).It works by constructing an array of argument strings — which you can see with
echo $bwopt
— and printing it, concatenated using\0
as a separator. It’s printed to a file descriptor, open as fd 9 in the child process. Alternatively, you can just givebwrap
those arguments directly (bwrap $bwopt
).