https://www.scrivano.org/tags/bubblewrap/ Recent content in Bubblewrap on *scratch* Hugo en Sat, 06 Jun 2026 10:03:54 +0000 https://www.scrivano.org/2016/10/22/use-bubblewrap-unprivileged-user-run-systemd-images/ Sat, 22 Oct 2016 13:21:25 +0000 https://www.scrivano.org/2016/10/22/use-bubblewrap-unprivileged-user-run-systemd-images/ <p><a href="https://github.com/projectatomic/bubblewrap/">bubblewrap</a> is a sandboxing tool that allows unprivileged users to run containers. I was recently working on a way to allow unprivileged users to take advantage of bubblewrap to run regular system images that use systemd. To do so, it was necessary to modify bubblewrap to retain a controlled set of Linux capabilities inside the sandbox. Without those capabilities, systemd cannot perform the privilege-separation steps it needs at startup, even when running as UID 0 inside a user namespace.</p>