top | item 46092847

(no title)

I've been messing with sandboxing using "bwrap" for random itch.io games I download to play and it isn't trivial to get it working with least privileges. I have so far been unable to get "Microlandia" to run, but other Unity games are running just fine under "bwrap". I am excited to see more Landlock tools emerge that make this task easier.

- https://github.com/containers/bubblewrap

- https://codeberg.org/dannyfritz/dotfiles/src/commit/38343008...

- https://explodi.itch.io/microlandia

discuss

webstrand|3 months ago

I was just playing with bwrap for isolating npm project actions from the rest of my system.

    bwrap --unshare-pid --dev-bind / / --tmpfs /home --bind "$(pwd)" "$(pwd)" bash

it seems to work fairly well? But I just started playing with bwrap this weekend. I do wish bwrap could be told "put the program in this pre-prepared network namespace" because accessing unsecured local dev servers could also be an issue.

tommica|3 months ago

I had this idea of having toolbox+custom user for each project - that way it would be "simple" to have isolated environments, but it does lead to a lot of bloat. And I do think it is a naive solution.

Bwrap seems like a better option.