13 lines
356 B
Markdown
13 lines
356 B
Markdown
|
# bwrap
|
||
|
|
|
||
|
|
> Run programs in a lightweight sandbox.
|
||
|
|
> More information: <https://manned.org/bwrap>.
|
||
|
|
|
||
|
|
- Run a program in a read-only environment:
|
||
|
|
|
||
|
|
`bwrap --ro-bind / / {{/bin/bash}}`
|
||
|
|
|
||
|
|
- Give the environment access to devices, process information and create a `tmpfs` for it:
|
||
|
|
|
||
|
|
`bwrap --dev-bind /dev /dev --proc /proc --ro-bind / / --tmpfs /tmp {{/bin/bash}}`
|