On 09/06/2020 16:04, Topi Miettinen wrote:
> Please report Firejail issues on Github so they may get attention. Current (unreleased) Firejail also supports SELinux labeling, so existing SELinux rules apply even if the file system is heavily manipulated.
Is the opinion around the SELinux community that Firejail is good enough (in the field of single-command GUI isolation)? I am a bit hesitant about its security because of [1]. I know there are a few alternatives [2][3][4], but I don't think I have the knowledge to actually judge which one provides better isolation.
[1] https://www.whonix.org/wiki/Dev/Firejail#Security
[2] https://github.com/google/nsjail
[3] https://github.com/containers/bubblewrap
[4] https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html