valoq's bubblewrap scripts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
valoq 5a91c9e587
move unfinished profiles
1 month ago
profiles move unfinished profiles 1 month ago
LICENSE Initial commit 3 years ago
README.md fixed typo 3 years ago
exportFilter.c minor improvements 10 months ago

README.md

bwscripts

Bubblewrap example scripts

This repository contains some tools for working with bubblewrap as well as example profile scripts for several programs to show how bubblewrap can be used to sandbox applications.

Install

To automatically use the sandboxed applications profiles, copy the scripts to /usr/local/bin and make them executable. By default a seccomp bpf file is expected in that directory as well. Use the exportFilter program to generate the seccomp bpf file. You can create individual filters by specifying syscalls to be blacklisted or whitelisted using the defined macros.

Disclaimer

This repository is not associated with the official bubblewrap project

Warning

Using the provided scripts to sandbox linux desktop applications only provides limited protection as there are several weak points like the X-Window-Server and Dbus IPC that need to be isolated as well to prevent sandbox escape.