bubblewrap

Unprivileged sandboxing tool for isolating Linux processes

brewmacoslinux

Try with needOr install directly

About

Unprivileged sandboxing tool for Linux

bwrap

Run a command in a sandbox with read-only root filesystem$ bwrap --ro-bind / / --tmpfs /tmp /bin/bash

Create isolated environment with custom mount points$ bwrap --bind /home/user /home/user --tmpfs /tmp /bin/sh

Run application with restricted network access using UTS namespace$ bwrap --unshare-net --ro-bind / / /usr/bin/wget https://example.com