Install bubblewrap by default to make use of MAT2's sandboxing

madaidan · September 21, 2019, 7:06pm

Whonix should install bubblewrap by default. MAT2 uses bubblewrap for sandboxing and is automatically enabled if it is installed.

This currently won’t work though due to a bug (Whonix uses hidepid).

HulaHoop · September 22, 2019, 5:07pm

Will having the on fixed version installed break MAT2 startup? If not then we can incldue it.

madaidan · September 22, 2019, 7:09pm

Yes, it likely will.

I’m not saying to include bubblewrap immediately. It can be included after the bug is fixed.

madaidan · October 10, 2019, 11:06pm

I’ve submitted a pull request to bubblewrap that should fix the MAT2 issue.

It might take a while before it gets merged and then a longer while before it’s in Debian.

There are also some users encountering this bug https://0xacab.org/jvoisin/mat2/issues/121

nurmagoz · November 15, 2019, 12:19pm

although this bug not solved yet, bubblewrap now included anyway in WS (mat2 and libwebkit2gtk depends on bubblewrap).

madaidan · November 15, 2019, 5:31pm

Bubblewrap can be disabled by using mat2’s --no-sandbox flag now if any errors occur.

Patrick_mobile · November 22, 2019, 9:48am