23 Nov 2025, 6:38 a.m.
I'm trying to get minijail0 to work without bind-mounting /, and I'm running into lots of problems. So far:

- Unprivileged user namespaces fail due to -EPERM in a mount syscall.
- Mounting a tmpfs over / always causes the program to be executed to not be found.
- `sudo ./minijail0.sh -v --profile=minimalistic-mountns /bin/ls` works, but doesn't actually do any sandboxing as it bind-mounts `/`.

Are there examples of how to use minijail0 properly? Alternatively, can I use it purely for seccomp and Landlock, and use bubblewrap to handle namespacing?

--
Sincerely,
Demi Marie Obenour (she/her/hers)