diff --git a/appruns/bwrap/default.nix b/appruns/bwrap/default.nix
new file mode 100644
index 0000000..8e8da7d
--- /dev/null
+++ b/appruns/bwrap/default.nix
@@ -0,0 +1,9 @@
+{ runCommand,
+ pkgsStatic
+}:
+
+runCommand "AppRun" { } ''
+ mkdir $out
+ cp ${./test.sh} $out/AppRun
+ cp ${pkgsStatic.bubblewrap}/bin/bwrap $out/bwrap
+''
diff --git a/appruns/bwrap/test.sh b/appruns/bwrap/test.sh
new file mode 100755
index 0000000..8886d83
--- /dev/null
+++ b/appruns/bwrap/test.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+LOCATION="$(dirname -- "$(readlink -f "${BASH_SOURCE}")")"
+$LOCATION/bwrap $(ls / | grep -v -E "dev|proc" | xargs -I % echo --bind /% /% | tr '\n' ' ') --dev-bind /dev /dev --proc /proc --ro-bind $LOCATION/nix /nix $(readlink $LOCATION/entrypoint) $@
diff --git a/flake.nix b/flake.nix
index 96d0c5e..d846fd4 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,7 @@
 # appruns contain an AppRun executable that does setup and launches entrypoint
 packages.appimage-appruns = {
 userns-chroot = pkgs.callPackage ./appruns/userns-chroot { };
+ bwrap = pkgs.callPackage ./appruns/bwrap { };
 };
 lib.mkAppImage = pkgs.callPackage ./mkAppImage.nix {
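Review bot: The derivation in appruns/bwrap/default.nix has no comment stating what the installed AppRun needs at run time. The script it copies reads `$LOCATION/nix` and `$LOCATION/entrypoint`, neither of which this derivation creates. Presumably mkAppImage places them next to AppRun, but that is not visible here. A header comment such as `# AppRun expects ./nix and ./entrypoint beside it (added by the AppImage builder); bwrap is the static build so it runs without the host's libraries` would record that contract. The source file is named `test.sh` although it ships as the production `AppRun`; naming it `AppRun.sh` would avoid suggesting it is a test fixture.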
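Review bot: The bwrap line in appruns/bwrap/test.sh filters `ls /` with the unanchored pattern `grep -v -E "dev|proc"`, so any top-level entry whose name merely contains `dev` or `proc` is silently left out of the container. The unquoted `$(...)`, `$LOCATION` and `$@` are also word-split and glob-expanded, which breaks entrypoint arguments containing whitespace and lets an unusually named entry under `/` turn into extra bwrap options. Building the bind list in an array with exact matches, quoting every expansion and `exec`-ing bwrap addresses both. Every host directory is bound read-write, so the wrapper appears to exist to provide `/nix` rather than to confine the entrypoint; a comment saying so would keep readers from treating it as a sandbox.

```shell
#!/usr/bin/env bash
LOCATION="$(dirname -- "$(readlink -f -- "${BASH_SOURCE[0]}")")"

# Not a sandbox: every host top-level directory is bound read-write;
# bwrap is only used to make the bundled store visible at /nix.
binds=()
for entry in /*; do
  case "$entry" in
    /dev | /proc) continue ;;   # mounted explicitly below
  esac
  binds+=(--bind "$entry" "$entry")
done

exec "$LOCATION/bwrap" "${binds[@]}" \
  --dev-bind /dev /dev --proc /proc \
  --ro-bind "$LOCATION/nix" /nix \
  "$(readlink -- "$LOCATION/entrypoint")" "$@"
```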