https://www.pistack.xyz/tags/bubblewrap/ Recent content in Bubblewrap on Pi Stack Hugo en-us Fri, 22 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-22-linux-container-capabilities-management-capsh-bubblewrap-native-docker-guide/ Fri, 22 May 2026 00:00:00 +0000 https://www.pistack.xyz/posts/2026-05-22-linux-container-capabilities-management-capsh-bubblewrap-native-docker-guide/ <p>Linux capabilities split the all-powerful root privilege into distinct units. Instead of running a container as full root (with access to every kernel operation), you can grant only the specific capabilities it needs. This guide compares three approaches to managing container capabilities: <strong>native Docker/Kubernetes capability controls</strong>, <strong>capsh</strong> (capability shell), and <strong>bubblewrap</strong> (unprivileged sandbox).</p>