https://github.com/helpme970/bubblejail

bubblewrap overlay for an easier usage
https://github.com/helpme970/bubblejail

bubblewrap bubblewrap-scripts bubblewrap-wrap bwrap desktop desktop-security gnu-linux linux linux-containers namespace namespaces sandbox sandboxing security security-tools shell shell-script shellscript

Last synced: 3 months ago
JSON representation

bubblewrap overlay for an easier usage

• Host: GitHub
• URL: https://github.com/helpme970/bubblejail
• Owner: helpme970
• License: gpl-3.0
• Created: 2025-02-22T06:06:46.000Z (4 months ago)
• Default Branch: main
• Last Pushed: 2025-03-17T15:39:48.000Z (3 months ago)
• Last Synced: 2025-03-17T16:36:44.169Z (3 months ago)
• Topics: bubblewrap, bubblewrap-scripts, bubblewrap-wrap, bwrap, desktop, desktop-security, gnu-linux, linux, linux-containers, namespace, namespaces, sandbox, sandboxing, security, security-tools, shell, shell-script, shellscript
• Language: Shell
• Homepage:
• Size: 27.3 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

README

        
# bubblejail

This repo is mainly for me so that I don't delete it again by mistake

if you find bugs you are welcome to report them to me.

## What is it

This is a simple bash wrapper for bubblewrap. It simplifies the commands for bubblewrap and adds some new functions, like appimage support.

## Usage

bash bubblejail.sh --stdir --video --audio -p firefox

## Commands

-p | --program    after this the programname or path follows

--debug           show all output written to stdout or stderr

-h | --help       show help (not completed)

--version         show version of bubblejail and bubblewrap

--video           automaticly choose if x11 or wayland socket is shared to the application (needed for programs with gui)

--wayland         share wayland socket to the sandbox

--x11             share x11 socket to the sandbox

--x11 :10         share the x11 socket for the 10th session

--x11-sandbox     create a new x11-session with Xephyr and start the program in it (see lack of x11)

--audio           automaticly share socket of PulseAudio, PipeWire, ALSA or OSS

--gpu             enable hardware acceleration for the sandbox

--cam             enable access to the webcam (v4l or v4l2 must be installed)

--stdir           share important directories which are needed by all programs

--net             enable network in the sandbox

--root            change uid to 0

--nobody          change uid to 65534 which is reserved for the user nobody

--current-user    change the user to the current one

--pass      bind path to the exact same position in the sandbox

--ro-pass         same as --pass but read-only

--dev-pass        same as --pass but with device access

--pass-try        same as --pass but no error if path does not exists