X-Git-Url: https://git.ralfj.de/web.git/blobdiff_plain/e6148fff016bf85c5e4b559a4d69f2deaac0e7ed..2581834cd54e4c420d2a75314189a2aba93ff94e:/personal/_posts/2024-04-14-bubblebox.md?ds=sidebyside diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md index cc8aa88..56a23a6 100644 --- a/personal/_posts/2024-04-14-bubblebox.md +++ b/personal/_posts/2024-04-14-bubblebox.md @@ -33,6 +33,10 @@ org.freedesktop.Flatpak=none org.freedesktop.secrets=none ``` +I also use [Flatseal], an amazing application that helps to check which permissions applications get, and change them if necessary. + +[Flatseal]: https://flathub.org/apps/com.github.tchx84.Flatseal + ## BubbleBox However, not all software exists as Flatpak. @@ -55,7 +59,9 @@ I should also note that this is not the only bubblewrap-based sandboxing solutio it was a very useful resource when figuring out the right bubblewrap flags to make complex GUI applications work properly. (Incidentally, "bubblejail" is also how I called my own script originally, but then I realized that the name is already taken.) Joachim Breitner also recently [blogged](https://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment) about his own bubblewrap-based sandboxing script. -There are many ways to do this, and it was fun to figure out my own solution. +sloonz has a similar [script](https://gist.github.com/sloonz/4b7f5f575a96b6fe338534dbc2480a5d) as well, with a nice yaml-based configuration format and [great explanations](https://sloonz.github.io/posts/sandboxing-1/) for what all the flags exactly do. +Had their script existed when I started what eventually became BubbleBox, I would have used it as a starting point. +But it was also fun to figure out my own solution. Using bubblewrap and xdg-dbus-proxy for this was an absolute joy. Both of these components came out of the Flatpak project, but the authors realized that they could be independently useful,