Bubblewrap

Bubblewrap is a Linux sandbox runner that creates lightweight, isolated execution environments for running untrusted applications. It combines Linux user, mount, network, PID, and UTS namespaces with seccomp-BPF system call filtering to restrict filesystem, network, process, and inter-process communication access.

The project provides comprehensive process isolation by giving each sandbox its own private tmpfs root with selective bind-mounts, a separate network stack containing only a loopback interface, an independent process ID space, and remapped user and group identifiers. It applies seccomp filters to block dangerous kernel system calls before they execute, and assigns an independent hostname to the sandbox environment through UTS namespace isolation.

Bubblewrap enforces read-only and nodev filesystem access by default, preventing sandboxed processes from writing to or creating device nodes on the host. The sandbox environment is created using user namespaces, which hide real user and group identifiers from sandboxed processes by mapping them to different values inside the namespace.

Features

Execution Sandboxes - Executes applications inside lightweight Linux sandboxes with user namespace isolation.

Application Sandboxing - Runs untrusted applications in an isolated Linux environment with restricted filesystem, network, and process access.

Tmpfs Root Sandbox Execution - Creates a new mount namespace with a tmpfs root and bind-mounts only the directories the application should see.

Tmpfs Root Sandboxing - Creates a private tmpfs root and selectively bind-mounts only allowed directories for filesystem isolation.

Tmpfs Root with Bind-Mounts - Creates a tmpfs root and bind-mounts only allowed directories with read-only and nodev defaults.

Loopback-Only Network Isolation - Gives the sandbox its own network namespace with only a loopback device, cutting off all external network connectivity.

Loopback-Only Network Namespaces - Gives the sandbox its own network namespace with only a loopback interface, cutting off external access.

Loopback-Only Network Stacks - Gives the sandbox its own network namespace with only a loopback interface, blocking external access.

Namespace-Based Isolation - Creates lightweight containers using Linux user, PID, mount, network, and UTS namespaces for process isolation.

IPC Namespace Isolation - Provides its own SysV IPC namespace to isolate shared memory and semaphores from the host.

PID Namespace Isolation - Isolates the sandbox's process list so it cannot see or signal processes outside the sandbox.

Process Visibility Remappings - Provides PID namespace isolation so sandboxed processes cannot see or signal host processes.

PID Space Isolation - Provides an independent PID namespace so sandboxed processes cannot see or signal host processes.

Linux Sandboxes - Runs applications in a restricted environment using Linux user namespaces and mount namespaces.

Network Isolation - Cuts off external network connectivity by giving the sandbox its own network namespace with only a loopback device.

Seccomp Profiles - Applies seccomp-BPF filters to block dangerous kernel system calls inside the sandbox.

BPF-Based Syscall Blocking - Applies seccomp-BPF filters to intercept and block dangerous kernel system calls before execution.

User Namespace Mappings - Maps host user and group IDs to different values inside the sandbox via user namespaces.

UID/GID Remapping - Maps host user and group IDs to different values inside the sandbox, hiding real identifiers.

UTS Namespace Hostname Separation - Assigns an independent hostname to the sandbox via UTS namespace isolation.

SysV IPC Isolation - Gives the sandbox its own copy of SysV shared memory, semaphores, and other IPC primitives.

Read-Only Filesystem Enforcement - Enforces read-only and nodev filesystem access by default to prevent host modification.

Host Security Tools - Sandboxing tool for restricting application access to system resources.

containersbubblewrap

Features

Star history