firejail

Securely sandboxes processes to containers using built-in Linux capabilities. More information: https://manned.org/firejail.

• Integrate firejail with your desktop environment:

sudo firecfg

• Open a restricted Mozilla Firefox:

firejail firefox

• Start a restricted Apache server on a known interface and address:

firejail --net=eth0 --ip=192.168.1.244 /etc/init.d/apache2 start

• List running sandboxes:

firejail --list

• List network activity from running sandboxes:

firejail --netstats

• Shutdown a running sandbox:

firejail --shutdown=7777

• Run a restricted Firefox session to browse the internet:

firejail --seccomp --private --private-dev --private-tmp --protocol=inet firefox --new-instance --no-remote --safe-mode --private-window

• Use custom hosts file (overriding /etc/hosts file):

firejail --hosts-file=~/myhosts curl http://mysite.arpa