Bubblejail is a bubblewrap-based alternative to Firejail.
Bubblejail's design is based on observations of Firejail's faults.
One of the biggest issues with Firejail is that you can accidentally run unsandboxed applications and not notice.
Bubblejail, instead of trying to transparently overlay an existing home directory, creates a separate home directory.
Every Instance represents a separate home directory. Typically, every sandboxed application has its own home directory.
Each instance has a
services.toml file which defines the configuration of the instance such as system resources that the sandbox should have access to.
Service represents some system resources that the sandbox can be given access to. For example, the Pulse Audio service gives access to the Pulse Audio socket so that the application can use sound.
Profile is a predefined set of services that a particular application uses. Using profiles is entirely optional.
AUR is preferred way of installing
If you are not using Arch Linux you can try to manually install with meson
meson setup buildto setup build directory
sudo meson install
If you want to uninstall run
ninja uninstall from build directory.
See man page:
bubblejail create --profile firefox FirefoxInstance
bubblejail run FirefoxInstance
bubblejail create --no-desktop-entry --profile generic Test