Bubblewrap is a low-level Linux sandboxing tool that uses namespaces, seccomp, and capability dropping to isolate untrusted applications. I wrote this TUI because I find bubblewrap's necessarily long command lines hard to grapple with, and yet I've long wanted something to allow me to safely and conveniently get wild with curl|bash installs.
This is a Python/Textual app, which uses uv to handle its dependencies. You install a single Python script by downloading it (and then optionally running with --install to move it into ~/.local/bin). Instead of memorizing dozens of flags, you configure the sandbox visually and see exactly what bwrap command gets generated, before choosing to run it when you're ready.
UI support for:
- Directory bindings with read-only/read-write toggles
- Overlay filesystems (tmpfs or persistent)
- Environment variables (and support for loading .env files)
- Capability dropping
- Namespace isolation (user, PID, IPC, UTS, cgroup, network)
- Profile saving/loading
- ...and more!
This is currently beta. It only generates bwrap commands, so it's safe to play with. If there's interest in it, I'll keep working on it. And I welcome PRs, collabs, bug reports, suggestions, and feedback.
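As an added illustration (not code from the post or from the project), here is a minimal sketch of the translation the post describes: a sandbox profile becomes a bwrap argument list that can be previewed before it is run. The profile dict layout, the function names and the sample paths are assumptions; the bwrap options used are existing ones.

```python
import shlex

# Namespace name -> bwrap option (these are real bwrap flags).
UNSHARE_FLAGS = {
    "user": "--unshare-user", "pid": "--unshare-pid", "ipc": "--unshare-ipc",
    "uts": "--unshare-uts", "cgroup": "--unshare-cgroup", "net": "--unshare-net",
}

def build_bwrap_argv(profile, command):
    """Turn a profile dict (hypothetical layout) into a bwrap argv list."""
    if not command or command[0].startswith("-"):
        # bwrap stops option parsing at the first non-option argument.
        raise ValueError("command must start with a program name")
    argv = ["bwrap", "--die-with-parent", "--new-session",
            "--proc", "/proc", "--dev", "/dev"]
    for ns in profile.get("unshare", []):
        if ns not in UNSHARE_FLAGS:
            raise ValueError(f"unknown namespace: {ns!r}")
        argv.append(UNSHARE_FLAGS[ns])
    # tmpfs mounts go first so a bind below a tmpfs path stays visible.
    for path in profile.get("tmpfs", []):
        argv += ["--tmpfs", path]
    for bind in profile.get("binds", []):
        # Read-only unless the profile asks for write access explicitly.
        flag = "--bind" if bind.get("rw", False) else "--ro-bind"
        argv += [flag, bind["src"], bind.get("dest", bind["src"])]
    for name, value in sorted(profile.get("env", {}).items()):
        argv += ["--setenv", name, value]
    for cap in profile.get("cap_drop", []):
        argv += ["--cap-drop", cap]
    return argv + list(command)

def preview(argv):
    """Shell-quoted command line for review; nothing is executed here."""
    return shlex.join(argv)

# Constructed sample profile: run a downloaded installer with no network,
# a throwaway home directory, and write access to one project directory only.
SAMPLE_PROFILE = {
    "unshare": ["user", "pid", "ipc", "uts", "cgroup", "net"],
    "tmpfs": ["/tmp", "/home/user"],
    "binds": [{"src": "/usr"}, {"src": "/etc"},
              {"src": "/home/user/my project", "rw": True}],
    "env": {"HOME": "/home/user"},
    "cap_drop": ["ALL"],
}

if __name__ == "__main__":
    print(preview(build_bwrap_argv(SAMPLE_PROFILE, ["bash", "install.sh"])))
```

Binds default to read-only, and the preview is shell-quoted, so a path containing spaces shows up as one argument when the command is reviewed.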
smallerfish•1h ago