Same question. One thing I really dislike in Bubblewrap is that I must share the... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		BoingBoomTschak on March 23, 2025 \| parent \| context \| favorite \| on: Landrun: Sandbox any Linux process using Landlock,... Same question. One thing I really dislike in Bubblewrap is that I must share the whole net user namespace even if all I want to do is use UNIX domain sockets. Since I only see net options specifying ports, does this handle this use case?

coppsilgold on March 24, 2025 [–]

> if all I want to do is use UNIX domain sockets

I routinely --unshare-net with UDS ro-binds.

You may be using abstract sockets (@/path/uds.sock) and those do require the same netns I think.

l0kod on March 25, 2025 | [–]

Landlock supports scoped abstract UNIX socket: https://docs.kernel.org/userspace-api/landlock.html#ipc-scop...

Landlock doesn't use namespaces, they are orthogonal.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact