As an example we will look at man 1 bwrap. Bubblewrap allows us to sandbox an application, not too dissimilar to docker. Flatpaks use bubblewrap as part of their sandbox. Bubblewrap can optionally take in a list of syscalls to filter. The filter is expressed as a BPF(Berkley Packet Filter program - remember when I said docker gives you a friendlier interface to seccomp?) program. Below is a short program... - Source: dev.to / 26 days ago

I have already been using bubblewrap[1] to isolate KeePassXC from the network and more (the only access it has is to its own private directory and the Wayland socket). I wouldn't recommend relying on devs or maintainers to do application isolation work for you. [1] <https://github.com/containers/bubblewrap>. - Source: Hacker News / about 1 month ago

Recently, I came across Chainguard and wrote the article How to build Docker Images with Melange and Apko. As a fervent supporter of Kubernetes and GitLab CI, I was eager to experiment with building images using Melange in this particular setup. GitLab's shared Runners work seamlessly with Bubblewrap, eliminating the need for additional configurations. This post is intended for enthusiasts like myself, interested... - Source: dev.to / 6 months ago

``` This is basically manually invoking what Flatpak does: https://github.com/containers/bubblewrap This is also useful for more than just security. E.G., you can test how your app would behave on a fresh install by masking your user configuration files. I personally also have a tool that uses it to basically bundle all dependencies from an entire Linux... - Source: Hacker News / 9 months ago

To, say, override the KDE plugins while testing. This is useful for me since it's rather challenging during development to actually get KDE apps to reliably load my plugins on NixOS: I think kio slaves are probably wrapped and getting other environments injected into them. Rather than bother with any tricky hacks, Linux namespaces make it relatively easy to test regardless. Bubblewrap is used internally by Flatpak... - Source: Hacker News / 11 months ago

Origin server only shows Cloudflare IP's so I decided to add this UA to my WAF with a Managed Challenge. After roughly 30 minutes and almost 100 hits on it CSR was 0%. Looking at the CF logs for the specific WAF shows IP's and locations from everywhere(US, UK, India, China, Nigeria, etc) and when I check IP's at abuseipdb.com they're all clean but none of them seem to get through the managed challenge. I removed... Source: 9 months ago

Switched to Maspik Anti-Spam, with a manually curated list of keywords, and integration with abuseipdb.com and proxycheck.io. But both of those were also causing false positives, especially from my co-worker who uses a virtual machine, so upped the tolerance to 70 on both. Source: about 1 year ago

This install of Docker is only a few days old. Most of the IPs associated are showing "banned" on abuseipdb.com. Source: about 1 year ago

People build lists like OP is all the time, have you seen https://abuseipdb.com/? Source: about 1 year ago

To keep your Synology safe, regularly update list of blocked ip addresses. I'm using this script, which takes list of ip addresses from blocklist.de and abuseipdb.com and add them to my block list. I keep them blocked forever. Source: about 1 year ago