- Steam profile now allows it to acquire any D-Bus name starting with
com.steampowered.*. This fixes several PressureVessel startup errors. Existing Steam instances will NOT be retroactively affected andcom.steampowered.*must be manually added to the "Application's D-Bus name" in the GUI or underdbus_namekey in[common]section in the text config. - Firefox desktop entry name specific to Fedora is now supported. (reported by @boredsquirrel)
- Fixed bubblejail sometimes hanging on startup or shutdown after a JSON decode error is raised. (thanks to @odomingao for providing exception traces)
- The minimum meson version is now set at 1.3.0. This allows for better error messages then attempting to compile bubblejail on a meson version lower than supported one.
- Access to CPU topology under
/sys/devices/system/cpuis now provided by default. A lot of modern applications makes use of it. (Chromium, WINE...) Steam profile already used root share service to pass/sys/devices/system/cpu. This change should compatible with existing Steam instances.
- Fixed Nvidia graphics not working with
direct_renderingservice. The recent 500+ driver requires access to the/sys/module/nvidia/initstatefile. (reported by @consolation548 and tested by @gnusenpai)
- New icon designed by @gelatinbomb
- Fix WebKit built-in sandboxing not working.
- Fix missing comma in default syscall filter preventing certain filters from working. (contributed by @rusty-snake)
No changes since 0.9rc1.
- New dependency! python-lxns is
a Python library to control Linux kernel namespaces. For convenience the library
is available as a meson subproject and is bundled in source archive. Set
use-vendored-python-lxnsbuild option to true to enable meson subproject. If you are a distro maintainer it is recommended to package python-lxns independently and mark it as dependency. allow-site-packages-dirwas removed. Unfortunately it is impossible to control Python packages install dir with meson. If you still want to install bubblejail in to site-pacakges you can either patchmeson.buildor usemeson rewrite kwargs delete project / default_options ""command in source prepare step.bytecode-optimizationbuild option is replaced with meson's nativepython.bytecompile. Most distros meson wrappers already set this option.tomlisupport has been dropped.tomlibfrom Python 3.11 standard library is the only supported TOML reading library. (note thattomli-wis still a requirement)
- Source code licensing is now verified with REUSE.
- Log messages now always use stderr.
- Fix bubblejail-config GUI utility not using its icon. (reported by @boredsquirrel and @rusty-snake)
- Fix Chromium and Firefox profiles not working on certain distros because of diverging desktop entry names. (reported by @boredsquirrel)
- Fix instance being left in inoperable state if D-Bus proxy failed to initialize.
- Fix
namespaces_limitsservice sometimes failing because of concurrency races with sandboxed PID. - Fixed several typos and added codespell to the CI.
- Add
debugservice which can be used to add arguments tobwrapandxdg-dbus-proxyinvocations. Seebubblejail.servicesman page for its configuration keys and values. (requested by @xiota) - Document directories used by bubblejail in
bubblejailman page. (requested by @firefoxlover)
- Mount file pointed by symlink if
/etc/resolv.confis a symlink whennetworkservice is used. This fixes DNS issues when systemd-resolved is used. (first reported by @adworacz) - Fixed
joystickdescription not being complete. (reported by @xiota) - Fixed
PYTHONPYCACHEPREFIXenvironment variable breaking build system. (first reported bymljon AUR)
- Fix slirp4netns service sometimes failing because of wrong user namespace being passed. (reported by @xiota)
- Fix bubblejail sometimes continuing to run even if some service failed to initialize. (reported by @xiota)
- Added support for
tomllibstandard library package for reading TOML files. It is available since Python 3.11.tomlipackage is now only needed if running on Python 3.10. (note that TOML writing librarytomli-wis still required) - Using
runcommand on an already running instance now prints a message to stderr that the instance already running and the commands that will be sent to instance. - Tightened D-Bus filtering rules for Notifications and Systray services. Turns out a lot of D-Bus servers for those services expose too many interfaces than required. (thank you @rusty-snake for pointing this out)
- Fixed trying to create config directories on access. If a system wide directory was
missing like
/etc/bubblejail/profiles/bubblejail would fail to run. (reported by @rusty-snake) - Removed isolated python mode for build scripts. This makes it easier to build bubblejail when meson or Python is installed in non system directory. (fixed with the help of @eli-schwartz)
- Fixed
slirp4netnsinitialization failure being ignored. Now ifslirp4netnsfails to start bubblejail will also fail. (reported by @xiota) - Fixed running bubblejail without arguments raising exception instead of help text. (fixed by @rusty-snake)
- Fixed
namespaces_limitsinitialization failure being ignored. Now ifnamespaces_limitsfails to set namespace limits bubblejail will also fail. (reported by @rusty-snake)
- Fixed X11 multi-screen not working. (the single screen spanning multiple displays already works)
- Fixed default arguments not being used when no arguments have been passed to run command.
- Fixed GUI not working because of integer settings that
namespaces_limitsuses.
Linux namespaces are a powerful instruments that can be used to create sandboxes but it also exposes internal kernel interfaces to unprivileged users which can be a source of vulnerabilities. (for example CVE-2022-25636)
New service namespaces_limits will limit amount of namespaces that
could be created inside sandbox.
It has user, mount, pid, ipc, net, time, uts and cgroup
settings which corresponds to each type of namespace. Those settings take
an integer as value with 0 (default) completely disabling creating that
type of namespace, -1 allowing unlimited amount and any positive integer
sets limit to that number. The positive integer is useful in case your application
will only create a limited number of namespaces.
Profiles might receive a well tested namespaces limits in the future version.
- GUI has been ported to PyQt6.
- Fixed
libseccompandpython-xdgbeing required during build. - Added meson option to disable man page build and installation.
- Added meson install tags. Current tags are
runtimefor core files and cli tool,bubblejail-guifor gui configuration tool,fish-completion/bash-completionfor shell autocompletion andmanfor man pages. (thank you @gordon-quad)
slirp4netnsandnamespaces_limitscan conflict with each other becauseslirp4netnstries to switch to new mount namespace.- Namespaces functions only work on x86_64 platform.
- m4 macro processor removed as build dependency
- jinja2 template engine is now a build requirement
- Sphinx removed as build dependency
- scdoc is now used to build man pages. This is optional build dependency. If scdoc is not present the man pages will not be built.
- Added
bubblejail.servicesman page that contains information about all services and their options. - Added build option to specify bytecode optimization level.
Optimization level should match your distro optimization level or there
will be start-up penalty. Option is named
bytecode-optimizationand takes an integer from 0 to 2. - Added
slirp4netnsservice. It is a custom networking stack for the sandbox. Allows to disconnect sandbox from loopback interface or bind it to a specific device or address. Currently only available on x86_64 platforms. Requiresslirp4netnsbinary be installed. - Added service conflicts. Conflicting services can't be activated together.
Currently
ibusconflictsfcitxandnetworkconflicts withslirp4netns. - Profiles can now be defined in
/etc/bubblejail/profilesfolder and will be available to any user on the system.
- Fixed generated empty desktop entries not having
Type=key. - Fixed XAUTHORITY not being optional.
- Fixed desktop notification about bubblewrap exiting with error being sent every time sandbox closes.
- Fixed an edge case when users home directory overlapped with legacy location
notify-sendis now more optional. No longer raises extra exception if it is missing.- Desktop notification is now sent on any bubblewrap non-zero exit code
/etcis now shared with sandbox. This is potentially breaking change- Home directory is now in same position from the perspective of sandbox
- Removed support for old
tomlpython package - Desktop notification is now sent if sandbox fails to start. (new dependency on
notify-send) - Added Fcitx service (thanks @h0cheung)
- Deprecated
share_local_timeoption of common settings - Deprecated
enable_acooption of DRI
- Added
--versioncommand line option. Distro packagers can modify it withversion_displaymeson option. (would be helpful for bug reports to show distro and version) - Fixed Nvidia Optimus not working with Direct Rendering service. Thanks @gnusenpai for debugging this issue.
- Added IBus service. (multilingual input) Thanks @h0cheung
- Fixed any instance creation failing
- Minimum bubblewrap version is now 0.5.0
- Added default seccomp filter with several syscalls that might be dangerous
- Switched TOML package from toml to tomli and tomli-w
- Added build option to use pythons site-package directory instead of version independent one
- Fixed running on arch other than x86_64
- Fixed trying to bind glibc linker cache on non glibc system
- Fixed D-Bus proxy initialization having a race condition that could have caused startup failures
- Fixed Video4Linux services failing to start if there are no video devices
- Added Video4Linux service
- Added Pipewire service
- New gamepad resolution algorithm (bluetooth support)
- Fixed module loading having side effects of creating config directory
- Build system updates. Now supports custom prefixes
- Man page for
bubblejail editcommand now only overwrites if you modified the config- Added
--debug-bwrap-argsthat adds extra args to bwrap - Dropped Pulse Audio work-around as Arch Linux fixed issue with Steam package