macOS
brew install bubblewraplocal Homebrew formula metadata
安装
brew install bubblewraplocal Homebrew formula metadata
sudo apk add bubblewrapAlpine Linux edge package indexes · bubblewrap · 来源: dl-cdn.alpinelinux.org
sudo apt install bubblewrapDebian stable package indexes · bubblewrap · 来源: deb.debian.org
sudo dnf install bubblewrapFedora Rawhide package metadata · bubblewrap · 来源: dl.fedoraproject.org
nix profile install nixpkgs#bubblewrapnixpkgs package indexes · pkgs/by-name/bu/bubblewrap/package.nix · 来源: api.github.com
sudo pacman -S bubblewrapArch Linux sync databases · bubblewrap · 来源: geo.mirror.pkgbuild.com
sudo zypper install bubblewrapopenSUSE Tumbleweed package metadata · bubblewrap · 来源: download.opensuse.org
概览
Unprivileged sandboxing tool for Linux
历史
bubblewrap is a low-level Linux sandboxing tool that constructs restricted process environments with namespaces, bind mounts, seccomp, and related kernel features. It is best known as the small, auditable sandbox primitive used by Flatpak and similar desktop/container tools.
The bubblewrap README positions it against system-administrator container runtimes such as Docker and systemd-nspawn: those tools are not suitable to hand directly to unprivileged users, while bubblewrap is designed around unprivileged sandbox construction.
The original code predates modern unprivileged user namespaces and inherits from xdg-app helper code, which in turn derives from linux-user-chroot. Older bubblewrap also supported a setuid mode for systems without unprivileged user namespaces, but the README notes that setuid support has been removed.
The public GitHub repository was created in February 2016. The repository description identifies bubblewrap as a low-level unprivileged sandboxing tool used by Flatpak and similar projects, with topics for Linux containers and user namespaces.
bubblewrap spread because Flatpak and related desktop sandboxing systems needed a small shared primitive instead of each project carrying its own privileged helper. The README lists Flatpak, rpm-ostree unprivileged, and bwrap-oci as users or intended users.
The input package metadata shows broad Linux distribution packaging through Alpine, Debian, Fedora/dnf, Nix, Arch/pacman, Ubuntu, and openSUSE/zypper, plus Homebrew. That breadth reflects its role as plumbing for sandbox frameworks rather than as an end-user application.
Security-sensitive adoption is cautious: bubblewrap constructs a sandbox, but the actual security boundary depends on the arguments supplied by the caller. This makes it attractive for larger frameworks that own policy and want a narrow mechanism.
bwrap creates a new mount namespace whose root is an empty tmpfs, then command-line options bind selected host paths, create proc/dev views, unshare namespaces, apply seccomp filters, and run a command inside the resulting environment.
Typical direct use is scripting a constrained shell or process; typical indirect use is through Flatpak or another framework that assembles a policy-specific bwrap command. The project has no ordinary per-user config file or credentials store.
bubblewrap is package-manager-significant because a small CLI becomes part of the desktop Linux trust base. Its package version, setuid/user-namespace behavior, CVE history, and distribution kernel defaults can affect whether higher-level sandboxing stacks actually work.
It is also a clean example of separating mechanism from policy: package the tiny sandbox constructor once, let Flatpak and peers define the higher-level sandbox rules.
安全态势
narrow executable package without higher-risk signals.
绿色 风险 · 低 置信度 · appliance
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
bwrap | cli | 全局可执行文件 |
新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
https://github.com/containers/bubblewrap
安装元数据
| 软件包键 | brew:bubblewrap |
|---|---|
| 版本 | 0.11.2 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/bubblewrap |
| 主页 | https://github.com/containers/bubblewrap |
| 仓库 | https://github.com/containers/bubblewrap |
| 上游文档 | https://github.com/containers/bubblewrap#readme |
| 许可证 | LGPL-2.0-or-later |
| 源码归档 | https://github.com/containers/bubblewrap/releases/download/v0.11.2/bubblewrap-0.11.2.tar.xz |
| 最后更新 | 2026-06-11T17:22:39Z |
| Pulse | updated |
| 依赖 | libcap |
| 构建依赖 | docbook-xsl, libxslt, meson, ninja, pkgconf |
| Bottle | 可用 (于 arm64_linux, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
注册表事实
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | bubblewrap |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Requirements |
|
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
源数据库匹配
匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。
bubblewrap 0.11.0-2+deb13u1
utility for unprivileged chroot and namespace manipulation
https://github.com/containers/bubblewrap
sudo apt install bubblewrapbubblewrap
nix profile install nixpkgs#bubblewrapbubblewrap 0.9.0-1build1
utility for unprivileged chroot and namespace manipulation
https://github.com/containers/bubblewrap
sudo apt install bubblewrapbubblewrap 0.11.2-r0
Unprivileged sandboxing tool
https://github.com/containers/bubblewrap
sudo apk add bubblewrapbubblewrap-bash-completion 0.11.2-r0
Bash completions for bubblewrap
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-bash-completionbubblewrap-doc 0.11.2-r0
Unprivileged sandboxing tool (documentation)
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-docbubblewrap-static 0.11.2-r0
Unprivileged sandboxing tool (static binary)
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-staticbubblewrap-zsh-completion 0.11.2-r0
Zsh completions for bubblewrap
https://github.com/containers/bubblewrap
sudo apk add bubblewrap-zsh-completionbubblewrap 0.11.0-4.fc44
Core execution tool for unprivileged containers
https://github.com/containers/bubblewrap/
sudo dnf install bubblewrapbubblewrap 0.11.2-1
Unprivileged sandboxing tool
https://github.com/containers/bubblewrap
sudo pacman -S bubblewrapbubblewrap 0.11.2-1.1
Core execution tool for unprivileged containers
https://github.com/containers/bubblewrap
sudo zypper install bubblewrapbubblewrap-zsh-completion 0.11.2-1.1
Zsh tab-completion for bubblewrap
https://github.com/containers/bubblewrap
sudo zypper install bubblewrap-zsh-completion来源线索
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
View the package source record on GitHub.