$ pip3 install sandlock --break-system-packages
Looking in indexes: https://mirrors.aliyun.com/pypi/simple
Collecting sandlock
Downloading https://mirrors.aliyun.com/pypi/packages/ea/43/edb389fa0714be7135d8f93ced4f31d762c1c9d8912d57651cf648d5c0a3/sandlock-0.6.0-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (3.0 MB)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 3.0/3.0 MB 21.5 MB/s eta 0:00:00
Installing collected packages: sandlock
Successfully installed sandlock-0.6.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager, possibly rendering your system unusable. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv. Use the --root-user-action option if you know what you are doing and want to suppress this warning.
$ sandlock
bash: sandlock: command not found
$ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 13 (trixie)"
NAME="Debian GNU/Linux"
VERSION_ID="13"
VERSION="13 (trixie)"
VERSION_CODENAME=trixie
DEBIAN_VERSION_FULL=13.4
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"I wanted to add sandboxing capabilities to my project running in a container environment, but I found that bubblewrap cannot be used directly because it requires adding --cap-add SYS_ADMIN. The risks involved are too great to outweigh the benefits.
I wanted to add sandboxing capabilities to my project running in a container environment, but I found that bubblewrap cannot be used directly because it requires adding
--cap-add SYS_ADMIN. The risks involved are too great to outweigh the benefits.