macOS 上用 sandbox-exec 隔離
#agent #app #apple #bubblewrap #bwrap #coding #design #exec #guide #linux #macos #sandbox #SandboxExec #security
#Bubblewrap
Our Weekly Update #62 is live! 🎥✨
Watch now: https://youtu.be/1NfNykcpIks
Don’t forget to subscribe & hit the bell 🔔!
Subscribe to our weekly newsletter!
👉 https://urlroulette.net/newsletter/subscribeform 🚀
Now I'm thinking about a new strategy:
- stop service
- make #btrfs snapshot (seconds at max)
- restart service
- run #borgBackup from snapshot, but via #bubbleWrap so it sees it as the original path and inodes for consistency&performance!
- run as many borg backups as desired to any remote, even in parallel, as the service is running again
Thoughs?
Linux 下用 bubblewrap (bwrap) 跑 Claude Code
AI 에이전트 코드 실행의 딜레마, 샌드박싱으로 안전하게 해결하는 법
AI 에이전트가 생성한 코드를 안전하게 실행하는 샌드박싱 기법. bubblewrap 로컬 격리와 Deno Sandbox의 네트워크 제어·시크릿 보호를 소개합니다.
🔗 UrlRoulette URL of the Day #430! 🌟
Virtual bubble wrap - burst them all!
Online bubble wrap popping, a stress-relief satisfying web app. Pop bubbles non-stop.
This is our URL of the day 👉 https://urlroulette.net/ui/3m46tG3xrpCW 🚀
Would you be interested in cooperating to build the next #dangerzone #flatpak #snap #ai/#gpu #rustlang #sandbox (insert-hype-here) based on #sydbox rather than #bubblewrap #firejail #snap-confine #gvisor (insert-sandbox-here)? We have #sydbox the application kernel, pandora the automatic profile writer, and syd-tui as a basic tui frontend using #ratatui, however we lack more practical tooling for wider adoption. Dreams, ideas, plans, all sorts of feedback, and contributions are equally welcome!
Cats, flowers and bubble wrap; does it get any better? #CaturdayEveryday #Caturday #CatsOfMastodon #BubbleWrap
Sometimes devil is in the details. #POSIX requires option parsing to terminate when the initial non-option argument is encountered. This is different than the #GNU style which continues parsing arguments until an explicit "--" is encountered. The latter has been susceptible to command line injection attacks. One recent example is in #bubblewrap & #flatpak combo with CVE-2024-32462. Otoh, #sydbox and all its utilities use posixly correct option parsing: https://nvd.nist.gov/vuln/detail/cve-2024-32462 #linux #security
Good to know.
#Bubblewrap creates isolated environments using #Linux kernel namespaces. It achieves this by creating a new, completely empty mount namespace where the root is mounted on a tmpfs. When installed, Bubblewrap provides a bwrap CLI tool that can be used to wrap any command (with caveats). Of special interest are coding agents like #OpenCode, Claude Code etc.
Bubblewrap: A nimble way to prevent agents from accessing your .env files
#HackerNews #Bubblewrap #nimble #prevent #agents #env #files #coding #secrets #security
Dự án 'Popcalypse' ra mắt game bóp bong bóng chống sốc trực tuyến, đa người chơi. Mỗi bong bóng được đồng bộ: bóp một cái, nó biến mất với tất cả. Hết là hết mãi mãi! Có cả tấm riêng cho bạn.
#Popcalypse #Game #BubbleWrap #SideProject #TròChơi #BongBóng
https://www.reddit.com/r/SideProject/comments/1q0io6j/a_million_bubble_countdown_to_the_popcalypse/
what i want to eventually see is a GUI program similar to #bottles, but for managing (#flatpak / #bubblewrap) -based sandboxes on #linux
let's say i have some proprietary program or game i don't entirely trust, or that depends on libraries not supplied in my distro
i want to be able to create a sort of container for it, pick one of the Freedesktop runtimes as the basis (maybe with some extras, like the GNOME or KDE libraries added), set which directories and interfaces the programs inside the container have access to, then just be able to copy files and run executables inside it
CI/CD Week Day 2! Security is key! Running directly on the host (bareMetal) is fast, but system admins need control over what processes run.
Enter Executor 2: bwrap (bubblewrap). This creates a very light container/sandbox, similar to what Flatpak uses!
You get the same execution capability (e.g., running `echo "hello" > README.md`), but in a confined, isolated way. It's the best of both worlds: speed and security!
Ready for the executor that lets you run any process? Follow me for tomorrow's reveal! 🐳
#CICD #DevOps #Bubblewrap #Security #Containers
💥 Bubble wrap bursts enable power-free acoustic testing
https://techxplore.com/news/2025-10-enable-power-free-acoustic.html
🍾🤡 #Bubblewrap, the high-tech innovation to #NetBSD, because who needs robust security when you can just pop your way to safety? 🎈✨ Welcome to the future of sandboxing: as strong as the packaging your last Amazon delivery came in. 🚀🛍️
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing #TechInnovation #Sandboxing #SecurityFail #FutureOfTech #HackerNews #ngated
Using bubblewrap to add sandboxing to NetBSD
https://blog.netbsd.org/tnf/entry/gsoc2025_bubblewrap_sandboxing
#HackerNews #bubblewrap #NetBSD #sandboxing #GSoC2025 #security #technology
September patreon rewards going out today! I meant to do a sneak peek of the zine I made several days ago, but the time really got away from me. As usual, this zine will be available on my ko-fi soon. Patron work just comes first!
In addition to the mini zine Human Rights Are Not an Opinion, patrons get bubble wrap prints to use as their own zine fodder or whatever they please. Digital tier members get to download everything as PNGs for $2 a month, and physical tier members get hard copies for $8 a month.
Image description: Five photos of zines and prints on a wood table. The mini zine features lots of the color red and the cover's background includes lava. The writing is done in sharpie. The title is human rights are not an opinion. The inside spread says my life is not your debate. The prints are done with various colors of ink on bubble wrap which is then pressed onto the paper. The final photo is of the backs of the sealed and decorated envelopes. Witchy washi tape and cute stickers.
#zine #zines #snailmail #zineclub #patreonrewards #humanrights #bubblewrap #diy #stamping
In addition to the mini zine Human Rights Are Not an Opinion, patrons get bubble wrap prints to use as their own zine fodder or whatever they please. Digital tier members get to download everything as PNGs for $2 a month, and physical tier members get hard copies for $8 a month.
Image description: Five photos of zines and prints on a wood table. The mini zine features lots of the color red and the cover's background includes lava. The writing is done in sharpie. The title is human rights are not an opinion. The inside spread says my life is not your debate. The prints are done with various colors of ink on bubble wrap which is then pressed onto the paper. The final photo is of the backs of the sealed and decorated envelopes. Witchy washi tape and cute stickers.
#zine #zines #snailmail #zineclub #patreonrewards #humanrights #bubblewrap #diy #stamping
@Imperor flatpak uses bubblewrap for sandboxing, unless I am mistaken, then flatseal configures those bubblewrap permissions. So, you could start your programs with it too. Another way would be AppArmor. Or, if you want something to keep your base system clean (this does not bring any security advantages) you could use distrobox.
#linux #sandboxing #security #bubblewrap #apparmor #gnulinux #flatpak
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst