On 9.6.2020 17.05, Cristian Ariza wrote:
I have been fiddling with a few alternatives for sandboxing apps but I haven't really found anything that comes close. Probably the best I've seen is firejail and its defaults are not too good (too permissive IMO).
Please report Firejail issues on Github so they may get attention. Current (unreleased) Firejail also supports SELinux labeling, so existing SELinux rules apply even if the file system is heavily manipulated.
-Topi
