Isolating with sandbox-exec on macOS

The week before last I came across "sandbox-exec: macOS's Little-Known Command-Line Sandboxing Tool (via)" and found it interesting, mainly because I need to run coding agents. On Linux this can be isolated with bubblewrap (see "Running Claude Code with bubblewrap (bwrap) on Linux"), but macOS has no bubblewrap, so another tool was needed, and this looks like the one. Someone on Hacker News brought up the deprecation issue: it has been deprecated since 2017...


Our Weekly Update #62 is live! 🎥✨

Watch now: https://youtu.be/1NfNykcpIks
Don’t forget to subscribe & hit the bell 🔔!

Subscribe to our weekly newsletter!
👉 https://urlroulette.net/newsletter/subscribeform 🚀

#bubblewrap #homepage #comics #virtualracing #flighttracker

🔗 UrlRoulette TV Episode #62! 🌟


Now I'm thinking about a new strategy:

- stop service
- make #btrfs snapshot (seconds at max)
- restart service
- run #borgBackup from snapshot, but via #bubbleWrap so it sees it as the original path and inodes for consistency & performance!
- run as many borg backups as desired to any remote, even in parallel, as the service is running again

Thoughts?

#nixos

Running Claude Code with bubblewrap (bwrap) on Linux

To keep Claude Code from wrecking a pile of things when it blows up in fully automatic mode (--dangerously-skip-permissions), people usually wrap it in a container environment, but on Linux you can use bubblewrap, a much lighter-weight tool, to restrict it. After tuning it for a while it has settled down; I wrap a ~/bin/claude...


The dilemma of executing AI agent code: solving it safely with sandboxing

Sandboxing techniques for safely executing code generated by AI agents. Introduces local isolation with bubblewrap, and the network control and secret protection of Deno Sandbox.

https://aisparkup.com/posts/8954

🔗 UrlRoulette URL of the Day #430! 🌟

Virtual bubble wrap - burst them all!
Online bubble wrap popping, a stress-relief satisfying web app. Pop bubbles non-stop.

This is our URL of the day 👉 https://urlroulette.net/ui/3m46tG3xrpCW 🚀

#bubblewrap

Would you be interested in cooperating to build the next #dangerzone #flatpak #snap #ai/#gpu #rustlang #sandbox (insert-hype-here) based on #sydbox rather than #bubblewrap #firejail #snap-confine #gvisor (insert-sandbox-here)? We have #sydbox the application kernel, pandora the automatic profile writer, and syd-tui as a basic tui frontend using #ratatui, however we lack more practical tooling for wider adoption. Dreams, ideas, plans, all sorts of feedback, and contributions are equally welcome!
- Yes, please! (80%)
- No, go away! (0%)
- I'll DM or mail [email protected] (0%)
- I want to see you at RustConf2026 (20%)
Bubble Wrap Appreciation Day

Too wrapped up in your own head to celebrate Bubble Wrap Appreciation Day? Go ahead. Pop some for a little stress relief.

Cats, flowers and bubble wrap; does it get any better? #CaturdayEveryday #Caturday #CatsOfMastodon #BubbleWrap
Sometimes the devil is in the details. #POSIX requires option parsing to terminate when the initial non-option argument is encountered. This is different from the #GNU style, which continues parsing arguments until an explicit "--" is encountered. The latter has been susceptible to command line injection attacks. One recent example is in the #bubblewrap & #flatpak combo with CVE-2024-32462. Otoh, #sydbox and all its utilities use posixly correct option parsing: https://nvd.nist.gov/vuln/detail/cve-2024-32462 #linux #security