Firejail is a SUID program designed to enhance security by limiting the environment in which untrusted applications run on Linux. It isolates processes and their descendants, providing them with their own private view of kernel resources. The software is written in C with minimal dependencies and can be run on any Linux computer with a 3.x kernel or newer. It is lightweight and has low overhead, with all security features implemented directly in the Linux kernel. Firejail can sandbox various types of processes, including servers, graphical applications, and user login sessions. It also comes with pre-defined security profiles for popular Linux programs like Mozilla Firefox and VLC. Additionally, Firejail offers other tools such as Firetools for graphical user interface, FDNS for DNS over HTTPS proxy, and Firetunnel for connecting multiple sandboxes on a virtual Ethernet network. Firejail is a community project without any commercial goals and welcomes contributions from volunteers. The software is released under GPL v2 license.
https://firejail.wordpress.com/