Comment by mfro

4 days ago

Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux)

3 comments

mfro

Reply

ashishb 4 days ago

I have a perfect set up in inside docker that works.

I would love to know why bubblewrap is a superior alternative.

Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...

mfro 4 days ago
My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online
- ashishb 4 days ago
  
  > My understanding is that docker escapes are not all that difficult,
  1. Show me how you would escape Docker 2. Show me npm packages doing this in the wild