Hi there,
I’m trying to harden my arch linux system with sandboxing, but not sure if it’s the right tool for the job.
I need sandboxing to be able to utilize my integrated GPU (without passthrough) and in the same time won’t weaken the security of the system.
Before diving in, can someone knowledgeable please clarify if bubblewrap supports GPU as stated before, as I’m not quite sure if Give access to the feral gamemode dbus interface will do that for me, or perhaps suggest something else?
I assume you’re talking about Bubblejail? This option is, as the name implies, giving access to the feral gamemode dbus interface and not to the GPU. In bubblejail, access to GPU is under “Direct rendering”
I wrote a guide about this here a while back. It’s a bit outdated but still might help you
This is exactly the article I got the Give access to the feral gamemode dbus interface from. But I didn’t find there how to allow GPU or the “Direct rendering”.
Can you please explain or point me to the right direction?
UPD: I think I found it, thanks