this post was submitted on 04 Sep 2025

cross-posted from: https://programming.dev/post/36875851

As a developer, I often need to run code I cannot trust, especially dependencies from NodeJS and Python projects, on my dev machine. In order to protect my system from potentially malicious code, I built NixWrap, an ad hoc sandboxing tool for NixOS.

NixWrap wraps bubblewrap (oh dear), running it with convenient defaults and offering easy-to-use command line flags to toggle custom options. An invocation of NixWrap is typically way shorter than the bubblewrap equivalent.

E.g. `npm install` can be wrapped with `wrap -n npm install` to gain network access and write access to the current working directory.
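For comparison with the short NixWrap call in the post, this is roughly what a hand-written bubblewrap wrapper for the same job looks like. It is an added example, not NixWrap's code and not from the post; `wrap_cmd`, `WRAP_DRY_RUN` and the bound paths are assumptions about a typical NixOS layout.

```shell
#!/bin/sh
# Added illustration, not NixWrap's source. wrap_cmd and WRAP_DRY_RUN are
# hypothetical names; the paths are assumptions about a NixOS host.
# Usage: wrap_cmd [-n] command [args...]     (-n = keep network access)
wrap_cmd() {
  net=0
  if [ "$1" = -n ]; then net=1; shift; fi

  # Failure mode: started from $HOME or /, the writable bind below would hand
  # SSH keys, cloud credentials and shell profiles to the untrusted code.
  case "$PWD" in
    /|"$HOME") echo "refusing to expose $PWD read-write" >&2; return 1 ;;
  esac

  # The working directory is the only writable host path. It is bound last so
  # it lands on top of the /tmp tmpfs when the project lives under /tmp.
  set -- --bind "$PWD" "$PWD" --chdir "$PWD" "$@"

  if [ "$net" = 1 ]; then
    # --unshare-all removes the network; opt back in and expose resolver and
    # CA files. The -try variants skip any path missing on this host.
    set -- --share-net \
      --ro-bind-try /etc/resolv.conf /etc/resolv.conf \
      --ro-bind-try /etc/ssl /etc/ssl \
      --ro-bind-try /etc/static /etc/static "$@"
  fi

  # Base policy: fresh namespaces, scrubbed environment (--clearenv needs
  # bubblewrap >= 0.5.0), read-only Nix store, throwaway /tmp and HOME.
  # --new-session detaches the sandbox from the controlling terminal.
  set -- bwrap \
    --unshare-all --die-with-parent --new-session \
    --clearenv --setenv PATH "$PATH" --setenv HOME /tmp/home \
    --ro-bind /nix/store /nix/store \
    --ro-bind-try /run/current-system/sw /run/current-system/sw \
    --ro-bind-try /bin/sh /bin/sh \
    --ro-bind-try /usr/bin/env /usr/bin/env \
    --proc /proc --dev /dev --tmpfs /tmp --dir /tmp/home "$@"

  # WRAP_DRY_RUN=1 prints the argv (one argument per line) instead of running.
  if [ -n "${WRAP_DRY_RUN:-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

Nothing under the real home directory is mounted, so files such as `~/.ssh` or `~/.npmrc` are not visible inside the sandbox unless they sit in the working directory.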
