bubblewrap ☆

« Back to VersTracker

Description:
Unprivileged sandboxing tool for Linux

Type: Formula | Latest Version: 0.11.0@0 | Tracked Since: Dec 17, 2025

Links: Homepage | formulae.brew.sh

Category: Security

Tags: sandbox security linux isolation containers unprivileged

Install: brew install bubblewrap

About:
Bubblewrap is a lightweight, unprivileged sandboxing tool designed for Linux systems. It leverages kernel namespaces and bind mounts to create isolated environments for running applications without requiring root privileges. This allows developers to safely test and run untrusted code while minimizing the attack surface on the host system.

Key Features:

Unprivileged operation: Runs without root access using user namespaces
Lightweight and simple: Minimal overhead compared to full virtualization
Namespace isolation: Uses Linux kernel namespaces for process, network, and filesystem isolation
Composable: Can be combined with other security mechanisms like seccomp and capabilities

Use Cases:

Sandboxing untrusted applications or scripts
Running container workloads without full container runtime overhead
Isolating development environments from the host system

Alternatives:

Firejail – More feature-rich with profile-based configuration, but larger attack surface
Docker – Full container runtime with more features but requires root daemon and is heavier

License: LGPL-2.0-or-later

Dependencies: libcap

Bottles available for: arm64_linux, x86_64_linux

Version History

Detected	Version	Rev	Change	Commit
Oct 30, 2024 6:26pm		0	VERSION_BUMP	99614a6f