tool to easily sandbox Linux applications.
The primary use-case for BubbleBox is running applications that you do not trust enough
-to give them full access to hour home directory, and in particular the secret keys stored there.
-In this regard it is similar to [firejail] and [bubblejail], but less powerful and in exchange hopefully easier to configure.
+to give them full access to your home directory, and in particular the secret keys stored there.
BubbleBox is based on [bubblewrap] and [xdg-dbus-proxy] which do all of the heavy lifting.
+The goals of this project are similar to [firejail], but I found firejail's configuration to be extremely hard to maintain and debug.
+BubbleBox is meant for people that are comfortable editing its Python source code to adjust it to their needs;
+if you are looking for something with a more out-of-the-box experience, try [bubblejail].
+
[firejail]: https://firejail.wordpress.com/
[bubblejail]: https://github.com/igo95862/bubblejail
[bubblewrap]: https://github.com/containers/bubblewrap
extends `DEFAULT` by providing access to DRI, X11, ALSA, Wayland, and
PulseAudio. Furthermore, some GUI configuration files (`.XCompose`,
fontconfig, and default mime-type associations) are made available to the
- sandbox. The `name` is used to create an XDG_RUNTIME_DIR that will be shared
+ sandbox. The `"name"` is used to create an XDG_RUNTIME_DIR that will be shared
among all instances of this sandbox. This also sets up the D-Bus proxy and
gives the application access to notifications, screen saver control, status
icons, and the flatpak portals (however, actually using these portals is
to the home directory.
- `bwrap_flags` allows passing flags directly to `bwrap`. This is rarely needed.
- `dbus_proxy_flags` allows passing flags directly to `xdg-dbus-proxy`.
- This is the typical way to provide access to given D-Bus names.
+ This is the typical way to provide access to additional D-Bus names.
## Source, License
projects / bubblebox.git / blobdiff