Software Alternatives, Accelerators & Startups
Bubblewrap

Bubblewrap Reviews and Details

This page is designed to help you find out whether Bubblewrap is good and if it is the right choice for you.

Screenshots and images

  • Bubblewrap Landing page
    Landing page //
    2023-09-08

Features & Specs

  1. Security

    Bubblewrap provides enhanced security by allowing applications to run in a sandboxed environment, minimizing the risk of malicious code affecting the host system.

  2. Isolation

    It offers strong isolation features by creating a separate filesystem namespace, limiting an application's ability to interact with the host filesystem.

  3. Lightweight

    Bubblewrap is a lightweight solution compared to full-fledged container solutions, making it suitable for simple sandboxing without the overhead of containers.

  4. Flexibility

    It provides flexibility to configure namespaces, capabilities, and cgroups, allowing fine-grained control over the sandbox environment.

  5. Minimal dependencies

    Bubblewrap has minimal dependencies, which makes it easier to install and use across different environments.

Badges

Promote Bubblewrap. You can add any of these badges on your website.

SaaSHub badge
Show embed code

Videos

Glossier Bubblewrap Review + MORE | zoerudd

GLOSSIER BUBBLEWRAP EYE CREAM * Review + First Impressions

GLOSSIER BUBBLEWRAP REVIEW...HMMM

Social recommendations and mentions

We have tracked the following product recommendations or mentions on various public social media platforms and blogs. They can help you see what people think about Bubblewrap and what they use it for.
  • GPT 5.6
    Typically I just want to isolate the agent disallowing it from accessing other parts of the filesystem. Using a different user might be enough, but I typically use [bubblewrap](https://github.com/containers/bubblewrap). - Source: Hacker News / 10 days ago
  • pseudoroot, fakeroost, hakoniwa... How to deal with unpriviledge packaging?
    A third way sort of in between, that I'm using in crossdev-stages already, is to leverage more modern linux features to have both sandboxing AND the illusion of being root. Hakoniwa and bubblewrap are the best tools to achieve that. - Source: dev.to / 16 days ago
  • Jamesob's guide to running SOTA LLMs locally
    It depends - for what? If your security model is sandboxing an agent to ensure they don't nuke your PC, then there are a lot of options, you can use something like bubblewrap[1] or a microVM like libkrun[2] if your goal is light-weight, up to full Docker if you want the tooling that comes with that. [1] https://github.com/containers/bubblewrap [2] https://github.com/libkrun/libkrun. - Source: Hacker News / 16 days ago
  • GLM-5.2 is the step change for open agents
    I use both the openai subscription and the opencode go subscription. I use the go subscription for my personal work and the openai subscription for my consulting work. The differences between the models are minimal, but I usually stick with gpt-5.4-mini, gpt-5.4, mimo-pro-2.5, deepseek-v4-pro. These latter ones have way more usage than even using 5.4-mini so I tend to use them in personal projects for that reason.... - Source: Hacker News / 26 days ago
  • Launch HN: Freestyle: Sandboxes for AI Coding Agents
    Https://github.com/containers/bubblewrap?tab=readme-ov-file For hardware virtualized machines it much harder but you can do it via:. - Source: Hacker News / 3 months ago
  • 512,000 Lines of Claude Code Leaked Through a Single .npmignore Mistake
    The sandbox implementation is where the engineering gets particularly impressive. On macOS, Claude Code uses Seatbelt, Apple's kernel-level sandboxing framework that's the same technology Safari uses to isolate web content. On Linux, it uses bubblewrap, a namespace-based container isolation tool originally developed for Flatpak. The source reveals granular permission controls over filesystem access, network... - Source: dev.to / 4 months ago
  • Don't YOLO your file system
    > The claude sandbox is a good idea, but to be effective it would need to be implemented at a very low level and enforced on all programs that claude launches. I feel like an integration with bubblewrap, the sandboxing tech behind Flatpak, could be useful here. Have all executed commands wrapped with a BW context to prevent and constrain access. https://github.com/containers/bubblewrap. - Source: Hacker News / 4 months ago
  • OpenSUSE Kalpa
    > dislike flatpaks and favor a low-level, bare-metal approach Flatpaks are sandboxed with bubblewrap[1]. I would still call that bare-metal. And flatpaks aren't particularly bloated either, there's no need for a flatpak to be any bigger than a regular binary if it only depends on the kde/gnome/freedesktop runtime. I used to prefer installing apps via my distro directly, but I now prefer using flatpaks because of... - Source: Hacker News / 4 months ago
  • Pyodide: a Python distribution based on WebAssembly
    Https://github.com/containers/bubblewrap#sandboxing The bubblewrap readme mentions containers as binaries with binctr; I guess without overlayfs or other file-level reduplication due to the container fs in the binary. Perhaps similarly, also TIL. - Source: Hacker News / 4 months ago
  • Agent Safehouse โ€“ macOS-native sandboxing for local agents
    My bad, looks like I misunderstood how bash-tool works. Then how about running Claude Code or your harness of choice inside bubblewrap with a shim/stub for the base binary? https://github.com/containers/bubblewrap. - Source: Hacker News / 4 months ago
  • I needed Claude Code as a network service for my pipelines. So I built one.
    Process-level sandboxing. Every job runs in a bwrap namespace with seccomp filtering. Isolated filesystem, isolated process tree โ€” a hostile prompt can't read other jobs' data or poke around the host. - Source: dev.to / 5 months ago
  • Show HN: CSL-Core โ€“ Formally Verified Neuro-Symbolic Safety Engine for AI
    Https://docs.kernel.org/admin-guide/perf-security.html : > Usage of Performance Counters for Linux (perf_events) [1] , [2] , [3] can impose a considerable risk of leaking sensitive data accessed by monitored processes. How to mitigate such concerns with lower-level opcode counting for eWASM? Brendan Gegg's > perf examples: https://www.brendangregg.com/perf.html , and BPF/Perf book:... - Source: Hacker News / 5 months ago
  • Show HN: I Built a Sandbox for Agents
    Probably not. Maybe Bubblewrap and sandbox-run. It's an anything-is-already-way-better-than-nothing type of thing. [0]: https://github.com/containers/bubblewrap [1]: https://github.com/sandbox-utils/sandbox-run. - Source: Hacker News / 6 months ago
  • Sandboxing Untrusted Python
    If a runtime is vulnerable then it didn't "set up a container properly". Containers are a kernel technology for isolating the restricting resources for a process and its descendants. Once set up correctly, any escape is a kernel 0day. For anyone who wants to understand what a container is at its core I would recommend bubblewrap: https://github.com/containers/bubblewrap. - Source: Hacker News / 6 months ago
  • My experience installing Nix OS
    The issue I encountered after that though, that was a bit annoying. Turns out if I choose the patched binary workaround, the remote server gets ran in bubblewrap, making sudo unavailable, meaning I had to have an open terminal on the laptop itself for rebuilding the system. Now I admit, my use case is... Different than a lot of others'. But: Slight annoyance. - Source: dev.to / 7 months ago
  • Landlock-Ing Linux
    I've been messing with sandboxing using "bwrap" for random itch.io games I download to play and it isn't trivial to get it working with least privileges. I have so far been unable to get "Microlandia" to run, but other Unity games are running just fine under "bwrap". I am excited to see more Landlock tools emerge that make this task easier. - https://github.com/containers/bubblewrap. - Source: Hacker News / 8 months ago
  • SHA1-Hulud the Second Comming โ€“ Postman, Zapier, PostHog All Compromised via NPM
    Worth mentioning that Bubblewrap[1] (bwrap) can remove most npm/node attack vectors or, at the very least, limit the damage from running arbitrary code during install/execution. Far from a silver bullet, and you'll want to combine it with a simple wrapper script to avoid dinking around with all its arguments, but it beats dealing with rootless Podman containers. [1] https://github.com/containers/bubblewrap. - Source: Hacker News / 8 months ago
  • Using bubblewrap to add sandboxing to NetBSD
    Bubblewrap is a really interesting project, really worth checking out. https://github.com/containers/bubblewrap It's the base for Flatpack, the thing that makes Flatpack be sandboxed. I use it to run Claude Code / Codex / Gemini CLI, to make sure that they have a limited / fake view of my system. You can bind directories into it, or overlay them into it, restrict other kinds of access. If Docker is a thing in a... - Source: Hacker News / 8 months ago
  • Vet is a safety net for the risky curl | bash pattern
    There are some more obvious things you should do (in order): 1. Have backups. You are running software all the time that can corrupt your files either maliciously or, more likely, accidentally. It doesn't really matter where it comes from, 2. Get into the habit of running things in sandboxes. You don't need anything magical here, a separate (unprivileged) user account is a good enough sandbox for many things. I... - Source: Hacker News / 12 months ago
  • Announcing Styrolite: A New Low Level Container Runtime for Linux
    Ariadne Conill, Founder and Distinguished Engineer at Edera, highlighted the necessity for a new low-level container runtime in a recent blog post. Existing solutions like Bubblewrap and util-linuxโ€™s unshare rely heavily on complex command-line interfaces or lack the required programming control, making them error-prone. In contrast, high-level solutions like Kubernetes' Container Runtime Interface (CRI) abstract... - Source: dev.to / about 1 year ago
  • Popular GitHub Action tj-actions/changed-files is compromised
    This is exactly what the tool bubblewrap[1] is built for. It is pretty easy to wrap binaries with it and it gives you control over exactly what permissions you want in the namespace. [1]: https://github.com/containers/bubblewrap. - Source: Hacker News / over 1 year ago

Do you know an article comparing Bubblewrap to other products?
Suggest a link to a post with product alternatives.

Suggest an article

Bubblewrap discussion

Log in or Post with

Is Bubblewrap good? This is an informative page that will help you find out. Moreover, you can review and discuss Bubblewrap here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouranged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.