bubblewrap: bubblewrap (unprivileged sandboxing tool) bubblewrap: bubblewrap: The goal of bubblewrap is to run an application in a sandbox, bubblewrap: where it has restricted access to parts of the operating system bubblewrap: or user data such as the home directory. bubblewrap: Bubblewrap works by creating a new, completely empty, mount namespace bubblewrap: where the root is on a tmpfs that is invisible from the host, bubblewrap: and will be automatically cleaned up when the last process exits. bubblewrap: bubblewrap: See also: https://github.com/containers/bubblewrap/ bubblewrap: