← Back to context Comment by ashishb 4 days ago What is genuine sandboxing? Everyone waives there hands by saying this 4 comments ashishb Reply mfro 4 days ago Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux) ashishb 4 days ago I have a perfect set up in inside docker that works.I would love to know why bubblewrap is a superior alternative.Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849... mfro 4 days ago My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online 1 reply →
mfro 4 days ago Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux) ashishb 4 days ago I have a perfect set up in inside docker that works.I would love to know why bubblewrap is a superior alternative.Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849... mfro 4 days ago My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online 1 reply →
ashishb 4 days ago I have a perfect set up in inside docker that works.I would love to know why bubblewrap is a superior alternative.Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849... mfro 4 days ago My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online 1 reply →
mfro 4 days ago My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online 1 reply →
Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux)
I have a perfect set up in inside docker that works.
I would love to know why bubblewrap is a superior alternative.
Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...
My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online
1 reply →