Comment 114 for bug 2046844

Jorge LaviLa (jorge-lavila) wrote :

Thanks for the reply!

My use case is this one: 'shipped as a .tar.gz that people unpack into their home dir and then use'. To me it seems counter-intuitive to force applications to run un-sandboxed for added security; both the solutions proposed (with the application profile and to turn off the user namespace restrictions) would require root privileges, which I currently do not require users to have to be able to run my application. Does Ubuntu have plans for an alternative to bubblewrap sandboxing? Blocking kernel features because they might be exploited seems really extreme.