bubblewrap

brew install bubblewrap v0.11.2 LGPL-2.0-or-later

Linux sandboxing tool using user namespaces to let unprivileged users isolate processes without root.

Why you might care

Bubblewrap lets regular users create lightweight sandboxes for untrusted code or applications without requiring setuid or privileged daemons—essential for container runtimes, browser sandboxing, and application isolation on multi-user systems. It's the low-level sandboxing backend for Flatpak and other container tools that need safe unprivileged operation.

Alternatives

systemd-nspawn firejail docker podman

78.4k

30-day installs · #62

80.3k

90-day · #213

80.8k

365-day · #491

7.7k

★ GitHub stars · updated 18d ago

Runtime dependencies

libcap

Build dependencies

docbook-xsl libxslt meson ninja pkgconf

GitHub topics

linux-containers user-namespaces

Links

https://github.com/containers/bubblewrap
GitHub: containers/bubblewrap
Brew formula source: Formula/b/bubblewrap.rb

Blurb generated by claude-haiku-4-5 on today.

Raw metadata

{
  "aliases": [],
  "alternatives": [
    "systemd-nspawn",
    "firejail",
    "docker",
    "podman"
  ],
  "build_dependencies": [
    "docbook-xsl",
    "libxslt",
    "meson",
    "ninja",
    "pkgconf"
  ],
  "categories": [
    "container-runtime",
    "security",
    "sandbox"
  ],
  "caveats": null,
  "conflicts_with": [],
  "dependencies": [
    "libcap"
  ],
  "deprecated": 0,
  "deprecation_reason": null,
  "desc": "Unprivileged sandboxing tool for Linux",
  "disable_reason": null,
  "disabled": 0,
  "enrichment_fetched_at": "2026-06-20T23:36:01+00:00",
  "first_seen": "2026-06-20T23:34:18+00:00",
  "full_name": "bubblewrap",
  "github_default_branch": "main",
  "github_last_commit_at": "2026-06-02T18:05:07Z",
  "github_readme_excerpt": "Bubblewrap\n==========\n\nMany container runtime tools like `systemd-nspawn`, `docker`,\netc. focus on providing infrastructure for system administrators and\norchestration tools (e.g. Kubernetes) to run containers.\n\nThese tools are not suitable to give to unprivileged users, because it\nis trivial to turn such access into a fully privileged root shell\non the host.\n\nUser namespaces\n---------------\n\nThere is a feature in the Linux kernel called\n[user namespaces](https://www.google.com/search?q=user+namespaces+site%3Ahttps%3A%2F%2Flwn.net)\nwhich allows unprivileged users to use container features. Bubblewrap uses these to\nbuild the sandbox, allowing any user to use the tool.\n\nHistorically, bubblewrap also supported a setuid mode for systems where\nunprivileged user namespaces were not supported. However, this has been\nremoved.\n\nThe original bubblewrap code existed before user namespaces - it inherits code from\n[xdg-app helper](https://cgit.freedesktop.org/xdg-app/xdg-app/tree/common/xdg-app-helper.c?id=4c3bf179e2e4a2a298cd1db1d045adaf3f564532)\nwhich in turn distantly derives from\n[linux-user-chroot](https://git.gnome.org/browse/linux-user-chroot).\n\nSystem security\n---------------\n\nThe maintainers of this tool believe that it does not, even when used\nin combination with typical software installed on that distribution,\nallow privilege escalation.  It may increase the ability of a logged\nin user to perform denial of service attacks, however.\n\nIn particular, bubblewrap uses `PR_SET_NO_NEW_PRIVS` to turn off\nsetuid binaries, which is the [traditional way](https://en.wikipedia.org/wiki/Chroot#Limitations) to get out of things\nlike chroots.\n\nSandbox security\n----------------\n\nbubblewrap is a tool for constructing sandbox environments.\nbubblewrap is not a complete, ready-made sandbox with a specific security\npolicy.\n\nSome of bubblewrap\u0027s use-cases want a security boundary between the sandbox\nand the real system; other use-cases want the ability to change the layout of\nthe filesystem",
  "github_repo": "containers/bubblewrap",
  "github_stars": 7673,
  "github_topics": [
    "linux-containers",
    "user-namespaces"
  ],
  "homepage": "https://github.com/containers/bubblewrap",
  "homepage_og_description": null,
  "homepage_og_image": null,
  "homepage_title": null,
  "installs_30d": 78391,
  "installs_365d": 80807,
  "installs_90d": 80348,
  "keg_only": 0,
  "keg_only_reason": null,
  "last_seen": "2026-06-20T23:34:18+00:00",
  "license": "LGPL-2.0-or-later",
  "llm_generated_at": "2026-06-20T23:42:27+00:00",
  "llm_model": "claude-haiku-4-5",
  "name": "bubblewrap",
  "oldnames": [],
  "one_liner": "Linux sandboxing tool using user namespaces to let unprivileged users isolate processes without root.",
  "optional_dependencies": [],
  "rank_30d": 62,
  "rank_365d": 491,
  "rank_90d": 213,
  "raw_hash": "65cef80a303a3991",
  "recommended_dependencies": [],
  "revision": 0,
  "ruby_source_path": "Formula/b/bubblewrap.rb",
  "tap": "homebrew/core",
  "test_dependencies": [
    "strace"
  ],
  "uses_from_macos": [],
  "version_head": "HEAD",
  "version_stable": "0.11.2",
  "versioned_formulae": [],
  "why_use_this": "Bubblewrap lets regular users create lightweight sandboxes for untrusted code or applications without requiring setuid or privileged daemons\u2014essential for container runtimes, browser sandboxing, and application isolation on multi-user systems. It\u0027s the low-level sandboxing backend for Flatpak and other container tools that need safe unprivileged operation."
}