Security
Bubblewrap provides enhanced security by allowing applications to run in a sandboxed environment, minimizing the risk of malicious code affecting the host system.
Isolation
It offers strong isolation features by creating a separate filesystem namespace, limiting an application's ability to interact with the host filesystem.
Lightweight
Bubblewrap is a lightweight solution compared to full-fledged container solutions, making it suitable for simple sandboxing without the overhead of containers.
Flexibility
It provides flexibility to configure namespaces, capabilities, and cgroups, allowing fine-grained control over the sandbox environment.
Minimal dependencies
Bubblewrap has minimal dependencies, which makes it easier to install and use across different environments.
We have collected here some useful links to help you find out if Bubblewrap is good.
Check the traffic stats of Bubblewrap on SimilarWeb. The key metrics to look for are: monthly visits, average visit duration, pages per visit, and traffic by country. Moreoever, check the traffic sources. For example "Direct" traffic is a good sign.
Check the "Domain Rating" of Bubblewrap on Ahrefs. The domain rating is a measure of the strength of a website's backlink profile on a scale from 0 to 100. It shows the strength of Bubblewrap's backlink profile compared to the other websites. In most cases a domain rating of 60+ is considered good and 70+ is considered very good.
Check the "Domain Authority" of Bubblewrap on MOZ. A website's domain authority (DA) is a search engine ranking score that predicts how well a website will rank on search engine result pages (SERPs). It is based on a 100-point logarithmic scale, with higher scores corresponding to a greater likelihood of ranking. This is another useful metric to check if a website is good.
The latest comments about Bubblewrap on Reddit. This can help you find out how popualr the product is and what people think about it.
Typically I just want to isolate the agent disallowing it from accessing other parts of the filesystem. Using a different user might be enough, but I typically use [bubblewrap](https://github.com/containers/bubblewrap). - Source: Hacker News / 10 days ago
A third way sort of in between, that I'm using in crossdev-stages already, is to leverage more modern linux features to have both sandboxing AND the illusion of being root. Hakoniwa and bubblewrap are the best tools to achieve that. - Source: dev.to / 16 days ago
It depends - for what? If your security model is sandboxing an agent to ensure they don't nuke your PC, then there are a lot of options, you can use something like bubblewrap[1] or a microVM like libkrun[2] if your goal is light-weight, up to full Docker if you want the tooling that comes with that. [1] https://github.com/containers/bubblewrap [2] https://github.com/libkrun/libkrun. - Source: Hacker News / 16 days ago
I use both the openai subscription and the opencode go subscription. I use the go subscription for my personal work and the openai subscription for my consulting work. The differences between the models are minimal, but I usually stick with gpt-5.4-mini, gpt-5.4, mimo-pro-2.5, deepseek-v4-pro. These latter ones have way more usage than even using 5.4-mini so I tend to use them in personal projects for that reason.... - Source: Hacker News / 26 days ago
Https://github.com/containers/bubblewrap?tab=readme-ov-file For hardware virtualized machines it much harder but you can do it via:. - Source: Hacker News / 3 months ago
The sandbox implementation is where the engineering gets particularly impressive. On macOS, Claude Code uses Seatbelt, Apple's kernel-level sandboxing framework that's the same technology Safari uses to isolate web content. On Linux, it uses bubblewrap, a namespace-based container isolation tool originally developed for Flatpak. The source reveals granular permission controls over filesystem access, network... - Source: dev.to / 4 months ago
> The claude sandbox is a good idea, but to be effective it would need to be implemented at a very low level and enforced on all programs that claude launches. I feel like an integration with bubblewrap, the sandboxing tech behind Flatpak, could be useful here. Have all executed commands wrapped with a BW context to prevent and constrain access. https://github.com/containers/bubblewrap. - Source: Hacker News / 4 months ago
> dislike flatpaks and favor a low-level, bare-metal approach Flatpaks are sandboxed with bubblewrap[1]. I would still call that bare-metal. And flatpaks aren't particularly bloated either, there's no need for a flatpak to be any bigger than a regular binary if it only depends on the kde/gnome/freedesktop runtime. I used to prefer installing apps via my distro directly, but I now prefer using flatpaks because of... - Source: Hacker News / 4 months ago
Https://github.com/containers/bubblewrap#sandboxing The bubblewrap readme mentions containers as binaries with binctr; I guess without overlayfs or other file-level reduplication due to the container fs in the binary. Perhaps similarly, also TIL. - Source: Hacker News / 4 months ago
My bad, looks like I misunderstood how bash-tool works. Then how about running Claude Code or your harness of choice inside bubblewrap with a shim/stub for the base binary? https://github.com/containers/bubblewrap. - Source: Hacker News / 4 months ago
Process-level sandboxing. Every job runs in a bwrap namespace with seccomp filtering. Isolated filesystem, isolated process tree โ a hostile prompt can't read other jobs' data or poke around the host. - Source: dev.to / 5 months ago
Https://docs.kernel.org/admin-guide/perf-security.html : > Usage of Performance Counters for Linux (perf_events) [1] , [2] , [3] can impose a considerable risk of leaking sensitive data accessed by monitored processes. How to mitigate such concerns with lower-level opcode counting for eWASM? Brendan Gegg's > perf examples: https://www.brendangregg.com/perf.html , and BPF/Perf book:... - Source: Hacker News / 5 months ago
Probably not. Maybe Bubblewrap and sandbox-run. It's an anything-is-already-way-better-than-nothing type of thing. [0]: https://github.com/containers/bubblewrap [1]: https://github.com/sandbox-utils/sandbox-run. - Source: Hacker News / 6 months ago
If a runtime is vulnerable then it didn't "set up a container properly". Containers are a kernel technology for isolating the restricting resources for a process and its descendants. Once set up correctly, any escape is a kernel 0day. For anyone who wants to understand what a container is at its core I would recommend bubblewrap: https://github.com/containers/bubblewrap. - Source: Hacker News / 6 months ago
The issue I encountered after that though, that was a bit annoying. Turns out if I choose the patched binary workaround, the remote server gets ran in bubblewrap, making sudo unavailable, meaning I had to have an open terminal on the laptop itself for rebuilding the system. Now I admit, my use case is... Different than a lot of others'. But: Slight annoyance. - Source: dev.to / 7 months ago
I've been messing with sandboxing using "bwrap" for random itch.io games I download to play and it isn't trivial to get it working with least privileges. I have so far been unable to get "Microlandia" to run, but other Unity games are running just fine under "bwrap". I am excited to see more Landlock tools emerge that make this task easier. - https://github.com/containers/bubblewrap. - Source: Hacker News / 8 months ago
Worth mentioning that Bubblewrap[1] (bwrap) can remove most npm/node attack vectors or, at the very least, limit the damage from running arbitrary code during install/execution. Far from a silver bullet, and you'll want to combine it with a simple wrapper script to avoid dinking around with all its arguments, but it beats dealing with rootless Podman containers. [1] https://github.com/containers/bubblewrap. - Source: Hacker News / 8 months ago
Bubblewrap is a really interesting project, really worth checking out. https://github.com/containers/bubblewrap It's the base for Flatpack, the thing that makes Flatpack be sandboxed. I use it to run Claude Code / Codex / Gemini CLI, to make sure that they have a limited / fake view of my system. You can bind directories into it, or overlay them into it, restrict other kinds of access. If Docker is a thing in a... - Source: Hacker News / 8 months ago
There are some more obvious things you should do (in order): 1. Have backups. You are running software all the time that can corrupt your files either maliciously or, more likely, accidentally. It doesn't really matter where it comes from, 2. Get into the habit of running things in sandboxes. You don't need anything magical here, a separate (unprivileged) user account is a good enough sandbox for many things. I... - Source: Hacker News / 12 months ago
Ariadne Conill, Founder and Distinguished Engineer at Edera, highlighted the necessity for a new low-level container runtime in a recent blog post. Existing solutions like Bubblewrap and util-linuxโs unshare rely heavily on complex command-line interfaces or lack the required programming control, making them error-prone. In contrast, high-level solutions like Kubernetes' Container Runtime Interface (CRI) abstract... - Source: dev.to / about 1 year ago
This is exactly what the tool bubblewrap[1] is built for. It is pretty easy to wrap binaries with it and it gives you control over exactly what permissions you want in the namespace. [1]: https://github.com/containers/bubblewrap. - Source: Hacker News / over 1 year ago
Do you know an article comparing Bubblewrap to other products?
Suggest a link to a post with product alternatives.
Is Bubblewrap good? This is an informative page that will help you find out. Moreover, you can review and discuss Bubblewrap here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.