Bubblewrap
E745789
Bubblewrap is a Linux sandboxing tool that creates isolated environments for running applications with restricted access to the host system.
Statements (45)
| Predicate | Object |
|---|---|
| instanceOf | Linux security software; sandboxing tool; software |
| canRestrict | filesystem access; network access; process visibility; system calls |
| category | Linux security; application sandboxing; system utilities |
| configuration | command-line options define sandbox rules |
| designedFor | container-like isolation without full containers; running applications with restricted privileges |
| environment | user-space tool |
| executionModel | runs a specified command inside a sandbox |
| feature | dropping capabilities; filesystem isolation; filtering system calls; mounting a private filesystem view; network isolation; process ID isolation; restricting access to host directories; user ID isolation |
| implementsConcept | process isolation; sandboxing |
| interface | command-line interface |
| license | free and open-source software license |
| operatingSystem | Linux |
| purpose | create isolated environments for applications; restrict application access to the host system |
| relation | used as a low-level sandboxing primitive by higher-level tools |
| securityGoal | limit damage from compromised applications; protect host system resources |
| securityProperty | containment; least privilege |
| softwareType | sandbox |
| typicalUseCase | isolating build or test environments; running untrusted applications safely; sandboxing desktop applications |
| usesMechanism | Linux namespaces; PID namespaces; cgroups; mount namespaces; seccomp filters; user namespaces |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.