Previously in this series, we discovered how to use bubblewrap to sandbox simple applications. Then, we moved on to more complex applications, and concluded that, while it works, the long command lines used were getting very unwieldy. I will now present you the script (unimaginatively called sandbox) I use to sandbox my applications. Its configuration file is located at ~/.config/sandbox.yml. It starts with resources : mostly path binds, but also environment variables and D-Bus services.