macOS
brew install bubblewraplocal Homebrew formula metadata
brew
Unprivileged sandboxing tool for Linux. Version 0.11.2 via Homebrew; verified 2026-06-11.
install
brew install bubblewraplocal Homebrew formula metadata
sudo apk add bubblewrapAlpine Linux edge package indexes · bubblewrap · source: dl-cdn.alpinelinux.org
sudo apt install bubblewrapDebian stable package indexes · bubblewrap · source: deb.debian.org
sudo dnf install bubblewrapFedora Rawhide package metadata · bubblewrap · source: dl.fedoraproject.org
nix profile install nixpkgs#bubblewrapnixpkgs package indexes · pkgs/by-name/bu/bubblewrap/package.nix · source: api.github.com
sudo pacman -S bubblewrapArch Linux sync databases · bubblewrap · source: geo.mirror.pkgbuild.com
sudo zypper install bubblewrapopenSUSE Tumbleweed package metadata · bubblewrap · source: download.opensuse.org
overview
Unprivileged sandboxing tool for Linux
history
bubblewrap is a low-level Linux sandboxing tool that constructs restricted process environments with namespaces, bind mounts, seccomp, and related kernel features. It is best known as the small, auditable sandbox primitive used by Flatpak and similar desktop/container tools.
The bubblewrap README positions it against system-administrator container runtimes such as Docker and systemd-nspawn: those tools are not suitable to hand directly to unprivileged users, while bubblewrap is designed around unprivileged sandbox construction.
The original code predates modern unprivileged user namespaces and inherits from xdg-app helper code, which in turn derives from linux-user-chroot. Older bubblewrap also supported a setuid mode for systems without unprivileged user namespaces, but the README notes that setuid support has been removed.
The public GitHub repository was created in February 2016. The repository description identifies bubblewrap as a low-level unprivileged sandboxing tool used by Flatpak and similar projects, with topics for Linux containers and user namespaces.
bubblewrap spread because Flatpak and related desktop sandboxing systems needed a small shared primitive instead of each project carrying its own privileged helper. The README lists Flatpak, rpm-ostree unprivileged, and bwrap-oci as users or intended users.
The input package metadata shows broad Linux distribution packaging through Alpine, Debian, Fedora/dnf, Nix, Arch/pacman, Ubuntu, and openSUSE/zypper, plus Homebrew. That breadth reflects its role as plumbing for sandbox frameworks rather than as an end-user application.
Security-sensitive adoption is cautious: bubblewrap constructs a sandbox, but the actual security boundary depends on the arguments supplied by the caller. This makes it attractive for larger frameworks that own policy and want a narrow mechanism.
bwrap creates a new mount namespace whose root is an empty tmpfs, then command-line options bind selected host paths, create proc/dev views, unshare namespaces, apply seccomp filters, and run a command inside the resulting environment.
Typical direct use is scripting a constrained shell or process; typical indirect use is through Flatpak or another framework that assembles a policy-specific bwrap command. The project has no ordinary per-user config file or credentials store.
bubblewrap is package-manager-significant because a small CLI becomes part of the desktop Linux trust base. Its package version, setuid/user-namespace behavior, CVE history, and distribution kernel defaults can affect whether higher-level sandboxing stacks actually work.
It is also a clean example of separating mechanism from policy: package the tiny sandbox constructor once, let Flatpak and peers define the higher-level sandbox rules.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
bwrap | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/containers/bubblewrap
install metadata
| Package key | brew:bubblewrap |
|---|---|
| Version | 0.11.2 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/bubblewrap |
| Homepage | https://github.com/containers/bubblewrap |
| Repository | https://github.com/containers/bubblewrap |
| Upstream docs | https://github.com/containers/bubblewrap#readme |
| License | LGPL-2.0-or-later |
| Source archive | https://github.com/containers/bubblewrap/releases/download/v0.11.2/bubblewrap-0.11.2.tar.xz |
| Last updated | 2026-06-11T17:22:39Z |
| Pulse | updated |
| Dependencies | libcap |
| Build dependencies | docbook-xsl, libxslt, meson, ninja, pkgconf |
| Bottle | available (on arm64_linux, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | bubblewrap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Requirements |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
bubblewrap 0.11.0-2+deb13u1
utility for unprivileged chroot and namespace manipulation
https://github.com/containers/bubblewrap
sudo apt install bubblewrapbubblewrap
nix profile install nixpkgs#bubblewrapbubblewrap 0.9.0-1build1
utility for unprivileged chroot and namespace manipulation
https://github.com/containers/bubblewrap
sudo apt install bubblewrapbubblewrap 0.11.2-r0
Unprivileged sandboxing tool
https://github.com/containers/bubblewrap
sudo apk add bubblewrapbubblewrap-bash-completion 0.11.2-r0
Bash completions for bubblewrap
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-bash-completionbubblewrap-doc 0.11.2-r0
Unprivileged sandboxing tool (documentation)
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-docbubblewrap-static 0.11.2-r0
Unprivileged sandboxing tool (static binary)
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-staticbubblewrap-zsh-completion 0.11.2-r0
Zsh completions for bubblewrap
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-zsh-completionbubblewrap 0.11.0-4.fc44
Core execution tool for unprivileged containers
https://github.com/containers/bubblewrap/
sudo dnf install bubblewrapbubblewrap 0.11.2-1
Unprivileged sandboxing tool
https://github.com/containers/bubblewrap
sudo pacman -S bubblewrapbubblewrap 0.11.2-1.1
Core execution tool for unprivileged containers
https://github.com/containers/bubblewrap
sudo zypper install bubblewrapbubblewrap-zsh-completion 0.11.2-1.1
Zsh tab-completion for bubblewrap
https://github.com/containers/bubblewrap
sudo zypper install bubblewrap-zsh-completionsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.