Want to create an interactive transcript for this episode?
Podcast: Chaos Computer Club - recent events feed
Episode: jail.nix - A library to easily jail your NixOS derivations in Bubblewrap (nixcon2025)
Description: Given the amount of software written in memory unsafe languages, and the rise in supply chain attacks, I prefer to run as much software as possible within some kind of security boundary (mostly using bubblewrap and qemu). Bubblewrap is the sandboxing tool at the core of Flatpak, but it is intentionally designed to be very low level.
Using bubblewrap, one can write wrappers for every package on their system, but getting the flags right can be error prone, and often lead to annoying debug cycles to get a program to run correctly.
jail.nix is a nix library I have...