LinuxCommandLibrary

bwrap

Create lightweight unprivileged sandboxes

TLDR

Run a program with the whole host filesystem visible, but read-only
$ bwrap --ro-bind / / [/bin/bash]
Expose the host's devices (including block devices), a procfs, the host filesystem read-only, and a private writable /tmp
$ bwrap --dev-bind /dev /dev --proc /proc --ro-bind / / --tmpfs /tmp [/bin/bash]
Run with no network access (a minimal /dev instead of the host's)
$ bwrap --unshare-net --ro-bind / / --dev /dev --proc /proc [/bin/bash]
Run an isolated process in fresh namespaces that is killed when its parent exits
$ bwrap --unshare-all --die-with-parent --ro-bind / / --dev /dev --proc /proc [command]

SYNOPSIS

bwrap [options] command [arguments]

DESCRIPTION

bwrap (bubblewrap) creates lightweight sandboxes using Linux namespaces. It lets an unprivileged user run a program in a new mount namespace whose root is an empty tmpfs: only the host paths explicitly bound in with the options below are visible, and PID, network, IPC, UTS, cgroup and user namespaces can each be unshared as well. Flatpak and other sandboxing systems build on it to isolate applications from the host system.

PARAMETERS

--ro-bind src dest
Bind mount source read-only at destination
--bind src dest
Bind mount source read-write at destination
--dev-bind src dest
Bind mount source with device access
--proc dest
Mount procfs at destination
--tmpfs dest
Mount tmpfs at destination
--unshare-pid
Create new PID namespace
--unshare-net
Create new network namespace
--unshare-user
Create new user namespace
--unshare-all
Unshare every namespace bwrap supports in one flag: PID, network, IPC, UTS and, where the kernel allows it, user and cgroup
--unshare-ipc
Create new IPC namespace
--unshare-uts
Create new UTS namespace
--unshare-cgroup
Create new cgroup namespace
--symlink SRC DEST
Create a symbolic link
--dev DEST
Mount a fresh minimal /dev at destination: a tmpfs holding only null, zero, full, random, urandom and tty, plus pts and shm (unlike --dev-bind /dev /dev, no host disks or other host devices)
--dir DEST
Create a directory
--setenv VAR VALUE
Set environment variable
--unsetenv VAR
Remove environment variable
--chdir DIR
Change working directory
--hostname HOSTNAME
Set custom hostname (requires --unshare-uts)
--die-with-parent
Kill sandbox when parent process dies
--new-session
Create a new terminal session via setsid(), detaching the sandbox from the controlling terminal so it cannot inject keystrokes into it (TIOCSTI); use for non-interactive workloads, since job control no longer works
--cap-add CAP
Add a Linux capability inside the sandbox; only meaningful when the sandboxed process runs as root
--cap-drop CAP
Drop a Linux capability; for an unprivileged sandbox all capabilities are already dropped by default
--seccomp FD
Load a seccomp filter from file descriptor FD. The contents must be a compiled cBPF program (for example, one exported with libseccomp's seccomp_export_bpf), not a text rule list; without this option the sandboxed program can make any system call
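The TLDR commands above all start from --ro-bind / /, which exposes every readable file on the host. The script below is an added example, not taken from this page or from the bubblewrap project: it composes the documented options into a tighter sandbox that exposes only /usr, /bin and /lib read-only, then runs a probe inside it to confirm that the restrictions actually hold. The bind paths, the hostname sandbox, the probe script, and --ro-bind-try (a bubblewrap 0.4+ option that is not in the list above) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not code from the bubblewrap project): build a least-privilege
# bwrap invocation from the options documented above and verify from inside the
# sandbox that the isolation holds. Bind paths, the hostname "sandbox" and the
# probe commands are assumptions for illustration.

# One bwrap argument per line (none contain whitespace, so the unquoted $(...)
# expansion in run_sandboxed splits them correctly). The sandbox root is an
# empty tmpfs, so only what is listed here is visible: host binaries and
# libraries read-only, a minimal /dev, a private /proc, empty /tmp and /home,
# no network, and no controlling terminal. --ro-bind-try (bubblewrap 0.4 and
# later) skips /lib64 on hosts that do not have it.
sandbox_args() {
    cat <<'EOF'
--unshare-all
--die-with-parent
--new-session
--ro-bind
/usr
/usr
--ro-bind
/bin
/bin
--ro-bind
/lib
/lib
--ro-bind-try
/lib64
/lib64
--dev
/dev
--proc
/proc
--tmpfs
/tmp
--tmpfs
/home
--unsetenv
SSH_AUTH_SOCK
--setenv
PATH
/usr/bin:/bin
--hostname
sandbox
--chdir
/tmp
EOF
}

# Run a command inside the sandbox described by sandbox_args.
run_sandboxed() {
    # shellcheck disable=SC2046
    bwrap $(sandbox_args) "$@"
}

# Probe script executed inside the sandbox; prints key=value lines that
# describe what the sandboxed process can see and do.
PROBE=$(cat <<'EOF'
if touch /usr/probe 2>/dev/null; then echo usr_write=allowed; else echo usr_write=denied; fi
echo "netifs=$(sed -n 's/^ *\([^:]*\):.*/\1/p' /proc/net/dev | tr '\n' ',')"
echo "hostname=$(cat /proc/sys/kernel/hostname)"
echo "ssh_sock=${SSH_AUTH_SOCK:-unset}"
echo "home_entries=$(ls -A /home | wc -l)"
EOF
)

# Evaluate probe output read from stdin. Returns 0 only if every expected key
# was seen with the value a correctly isolated sandbox must produce: /usr not
# writable, only the loopback interface, our hostname, the agent socket
# variable gone, and an empty /home. Pure function, so it can be exercised
# with constructed input where bwrap or user namespaces are unavailable.
check_probe() {
    seen=0 ok=1
    while IFS='=' read -r key val; do
        case "$key" in
            usr_write)    seen=$((seen + 1)); [ "$val" = denied ] || ok=0 ;;
            netifs)       seen=$((seen + 1)); [ "$val" = "lo," ] || ok=0 ;;
            hostname)     seen=$((seen + 1)); [ "$val" = sandbox ] || ok=0 ;;
            ssh_sock)     seen=$((seen + 1)); [ "$val" = unset ] || ok=0 ;;
            home_entries) seen=$((seen + 1)); [ "$val" = 0 ] || ok=0 ;;
        esac
    done
    [ "$seen" -eq 5 ] && [ "$ok" -eq 1 ]
}

# Live check: only attempted when bwrap is installed.
if command -v bwrap >/dev/null 2>&1; then
    if run_sandboxed /bin/sh -c "$PROBE" | check_probe; then
        echo "sandbox isolation verified"
    else
        echo "sandbox isolation check FAILED (or user namespaces unavailable)" >&2
    fi
else
    echo "bwrap not installed; skipping live check" >&2
fi
```

check_probe deliberately requires all five keys, so an invocation that fails before the probe runs (for example because unprivileged user namespaces are disabled) is reported as a failure rather than passing on empty output. Because of --new-session the sandboxed shell has no controlling terminal; drop that flag when the workload is interactive.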

CAVEATS

Requires either unprivileged user namespaces enabled in the kernel (user.max_user_namespaces greater than zero; some distributions additionally gate this behind a sysctl such as kernel.unprivileged_userns_clone) or bwrap installed setuid root. bwrap is a namespace-based isolation tool, not a complete security boundary: the kernel's system-call attack surface is shared with the host unless a --seccomp filter is supplied, and everything bound into the sandbox stays reachable (--ro-bind / / exposes every host file the user can read, --dev-bind /dev /dev exposes host block devices). Complex sandboxes require careful bind mount configuration; bind in only what the program needs.

SEE ALSO

firejail(1), flatpak(1), unshare(1)
