aidecoe@gentoo.org Amadeusz Żołnowski Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. This is bleeding edge branch. For long term support version see sys-apps/firejail-lts. firejail Enable support for custom AppArmor profiles Enable custom bind mounts Enable chrooting to custom directory Install contrib scripts Enable file transfers between sandboxes and the host system Enable networking features Grant access to --interface, --net=ethXXX and --netfilter only to root user; regular users are only allowed --net=none Enable system call filtering Enable attaching a new user namespace to a sandbox (--noroot option) Enable X11 sandboxing