Subject: Re: Firejail
From: Donoban
To: ml-devel@keemail.me, ~alpine/users <~alpine/users@lists.alpinelinux.org>
Date: Mon, 19 Jul 2021 18:51:35 +0000

On 19/7/21 16:52, ml-devel@keemail.me wrote:
> Do you know how to write Firejail's `firejail --private executable`
> equivalent for Bubblewrap? I never use my browser to access/upload
> files from my local filesystem, so I don't see why it should have
> access to them.
>
> I tried looking it up, but `bubblewrap` seems much more complicated
> than Firejail. I haven't yet wrapped my head around it.

Take a look at bubblejail, which is a simpler wrapper for bubblewrap and also has a basic GUI, bubblejail-config.

In bubblejail, all instances have their private home (stored in ~/.local/share/bubblejail/instances/) and then you can mount other folders from your real home if needed.

Donoban
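Added example, not part of the message above and not bubblejail's own code: a shell sketch of the filesystem side of `firejail --private` written directly against bwrap, with either a throwaway tmpfs home or a dedicated directory mounted as `$HOME`, plus optional read-only folders from the real home. The function names `private_home_args` and `run_private` and the set of system directories bound are assumptions; a graphical browser would also need its display and audio sockets bound in, which is left out here.

```shell
#!/bin/sh
# Added example. Paths containing newlines are not supported, because the
# option list is passed between the two functions one word per line.

# private_home_args HOME_SRC [SHARED...]
#   HOME_SRC  directory to mount as $HOME inside the sandbox; "" gives an
#             empty tmpfs home that is discarded on exit (firejail --private).
#   SHARED    paths relative to the real $HOME to expose read-only.
# Prints the bwrap options, one word per line.
private_home_args() {
    home_src=$1; shift
    # New namespaces (network kept for a browser), read-only system
    # directories (assumed layout, adjust per distribution), fresh /dev,
    # /proc and /tmp.
    printf '%s\n' --unshare-all --share-net --die-with-parent --new-session \
        --ro-bind /usr /usr --ro-bind /bin /bin --ro-bind /lib /lib \
        --ro-bind /etc /etc --dev /dev --proc /proc --tmpfs /tmp
    if [ -n "$home_src" ]; then
        # Persistent private home, the model the reply describes.
        printf '%s\n' --bind "$home_src" "$HOME"
    else
        printf '%s\n' --tmpfs "$HOME"
    fi
    for rel in "$@"; do
        case $rel in
            /*|..|../*|*/..|*/../*)
                echo "refusing path outside home: $rel" >&2
                return 1 ;;
        esac
        # Later mounts land on top of the private home, so only these
        # folders from the real home become visible, and read-only.
        printf '%s\n' --ro-bind "$HOME/$rel" "$HOME/$rel"
    done
    printf '%s\n' --chdir "$HOME"
}

# run_private HOME_SRC CMD [ARGS...]: exec CMD under bwrap with that home.
run_private() {
    opts=$(private_home_args "$1") || return
    shift
    set -f; old_ifs=$IFS; IFS='
'
    set -- $opts "$@"    # split the option list on newlines only
    IFS=$old_ifs; set +f
    exec bwrap "$@"
}
```

For example, `run_private "" sh -c 'ls -la ~'` should list an empty home directory, and nothing written there survives the sandbox.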