by coppsilgold 885 days ago
I tend to just make and run shell scripts that configure and run bubblewrap[1].

Everything is nicely explicit and allows for a good mental model of what's going to happen when you run it.

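    #!/usr/bin/env bash
    # The FLAGS_* arrays are defined in the sourced helper.
    source "/path/bwrap_helper.sh"
    FLAGS=(
      # Quoted so that operands containing spaces stay single arguments.
      "${FLAGS_ROOTFS_DISTROX_MIN[@]}"
      "${FLAGS_ENV_XDG_GUI[@]}"
      "${FLAGS_PULSE[@]}"
      "${FLAGS_GPU_ACCEL[@]}"
      --new-session
      --bind /path/jail123 /home/user
    )
    # fd 10 is opened on the compiled filter, which --seccomp 10 then loads.
    exec bwrap "${FLAGS[@]}" --seccomp 10 10< /path/a_filter.bpf -- /usr/bin/gui_app "$@"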
[1] <https://github.com/containers/bubblewrap>
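
One possible shape for the sourced helper, together with a check that lists every host path the sandbox gets a writable bind to. This is an added example, not coppsilgold's code: the array contents, the Wayland and PulseAudio socket paths, and the `writable_binds` function are assumptions.

```bash
#!/usr/bin/env bash
# Hypothetical bwrap_helper.sh. Array names are from the comment; contents are assumed.
RUNTIME="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"

# Read-only /usr, private /dev, /proc and /tmp, every namespace unshared.
FLAGS_ROOTFS_DISTROX_MIN=(
  --ro-bind /usr /usr
  --symlink usr/bin /bin
  --symlink usr/lib /lib
  --symlink usr/lib64 /lib64
  --ro-bind-try /etc/fonts /etc/fonts
  --dev /dev --proc /proc --tmpfs /tmp
  --unshare-all --die-with-parent
)
# Wayland socket only; the *-try forms skip sources that do not exist.
FLAGS_ENV_XDG_GUI=(
  --setenv XDG_RUNTIME_DIR "$RUNTIME"
  --setenv WAYLAND_DISPLAY wayland-0
  --ro-bind-try "$RUNTIME/wayland-0" "$RUNTIME/wayland-0"
)
FLAGS_PULSE=(--ro-bind-try "$RUNTIME/pulse/native" "$RUNTIME/pulse/native")
FLAGS_GPU_ACCEL=(--dev-bind-try /dev/dri /dev/dri)

# Print one "flag SRC -> DEST" line per bind that is not read-only.
# Operands of the flags used here are skipped so a path is never read as a flag.
writable_binds() {
  local i args=("$@")
  for ((i = 0; i < ${#args[@]}; i++)); do
    case "${args[i]}" in
      --bind|--bind-try|--dev-bind|--dev-bind-try)
        printf '%s %s -> %s\n' "${args[i]}" "${args[i+1]}" "${args[i+2]}"
        i=$((i + 2)) ;;
      --ro-bind|--ro-bind-try|--symlink|--setenv)
        i=$((i + 2)) ;;
      --dev|--proc|--tmpfs|--seccomp)
        i=$((i + 1)) ;;
    esac
  done
}

# The launcher's flag list from the comment, audited instead of executed.
FLAGS=(
  "${FLAGS_ROOTFS_DISTROX_MIN[@]}" "${FLAGS_ENV_XDG_GUI[@]}"
  "${FLAGS_PULSE[@]}" "${FLAGS_GPU_ACCEL[@]}"
  --new-session
  --bind /path/jail123 /home/user
)
writable_binds "${FLAGS[@]}"
```

With these assumed arrays, only the GPU device node and the jail directory are listed. Any other line in the output is a host path the application could modify.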