this post was submitted on 20 Jun 2023
9 points (100.0% liked)

Arch Linux

7791 readers
4 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS
 

I want to sandbox things like Steam, Discord and even firefox and I see bubblwrap getting recommended a lot as the preferred sandboxing tool but I'm hardpressed on how to actually use it. I don't know what to enable and what not to.

PS. Please don't recommend Flatpak, I'm aware Flatpak uses bwrap but I want to avoid Flatpak unless absolute necessary. I don't have anything against Flatpak, just personal preference :D.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago (1 children)

How do I use this btw? I pasted this on an executable and it says Permission Denied.

[–] pseudo 1 points 1 year ago

It's a shell script, right? Save the text as a <FILE>, chmod +x <FILE>, ./<FILE>.

You might not have zsh, in which case you need to replace shebang (#!/bin/zsh) with bash and fix what breaks (IIRC you can't quite do a printf like that in bash).

It works by constructing an array of argument strings — which you can see with echo $bwopt — and printing it, concatenated using \0 as a separator. It's printed to a file descriptor, open as fd 9 in the child process. Alternatively, you can just give bwrap those arguments directly (bwrap $bwopt).