diff --git a/home/home_packages.nix b/home/home_packages.nix
index e532fb7..d790b4e 100644
--- a/home/home_packages.nix
+++ b/home/home_packages.nix
@@ -109,5 +109,6 @@
       inputs.nvim.packages.x86_64-linux.nvim
       (import ../packages/zapzap/default.nix {inherit pkgs;})
       (pkgs.callPackage ../packages/viber/default.nix {})
+      (pkgs.callPackage ../packages/bubblewrap/default.nix {})
     ];
 }
diff --git a/packages/bubblewrap/default.nix b/packages/bubblewrap/default.nix
new file mode 100644
index 0000000..44645bd
--- /dev/null
+++ b/packages/bubblewrap/default.nix
@@ -0,0 +1,56 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  docbook_xsl,
+  libxslt,
+  meson,
+  ninja,
+  pkg-config,
+  bash-completion,
+  libcap,
+  libselinux,
+}:
+stdenv.mkDerivation rec {
+  pname = "bubblewrap";
+  version = "0.8.0";
+
+  src = fetchFromGitHub {
+    owner = "rhendric";
+    repo = "bubblewrap";
+    rev = "23ff0f875b3a0200c1796daa01173ecec7deaf88";
+    hash = "sha256-EWsuAGsShaHEmLi0jUHX2bFQZkinIOsRbgB7tZSfq8E=";
+  };
+
+  postPatch = ''
+    substituteInPlace tests/libtest.sh \
+      --replace "/var/tmp" "$TMPDIR"
+  '';
+
+  nativeBuildInputs = [
+    docbook_xsl
+    libxslt
+    meson
+    ninja
+    pkg-config
+  ];
+
+  buildInputs = [
+    bash-completion
+    libcap
+    libselinux
+  ];
+
+  # incompatible with Nix sandbox
+  doCheck = false;
+
+  meta = with lib; {
+    changelog = "https://github.com/containers/bubblewrap/releases/tag/${src.rev}";
+    description = "Unprivileged sandboxing tool";
+    homepage = "https://github.com/containers/bubblewrap";
+    license = licenses.lgpl2Plus;
+    maintainers = with maintainers; [dotlambda];
+    platforms = platforms.linux;
+    mainProgram = "bwrap";
+  };
+}