The author shares their frustration with Firejail and their updated approach to sandboxing applications using Flatpak and BubbleBox. Flatpak is preferred for software with existing sandboxes, but may require global overrides to avoid liberal profiles. BubbleBox is used for software that does not have a Flatpak or needs to run on the host system but with restricted access. The author created BubbleBox to configure sandboxing with bubblewrap, which allows full control over file system access. The addition of xdg-dbus-proxy enables access to specific D-Bus functions for sandboxed applications. Various bubblewrap-based sandboxing solutions are available, offering different features and functionalities.
https://www.ralfj.de/blog/2024/04/14/bubblebox.html
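The combination summarized above (bubblewrap deciding which parts of the file system are visible, xdg-dbus-proxy deciding which D-Bus names are reachable) can be sketched as follows. This is an added example, not BubbleBox's code or configuration; it assumes a merged-/usr distribution and a session bus address in `DBUS_SESSION_BUS_ADDRESS`, and `SANDBOX_HOME`, `PROXY_SOCK`, `DRY_RUN`, `proxy_cmd` and `sandbox_cmd` are hypothetical names.

```sh
#!/bin/sh
# Added example, not BubbleBox's code. Assumes a merged-/usr distribution and
# a session bus in $DBUS_SESSION_BUS_ADDRESS. SANDBOX_HOME, PROXY_SOCK, DRY_RUN,
# proxy_cmd and sandbox_cmd are hypothetical names.
SANDBOX_HOME="${SANDBOX_HOME:-$HOME/.sandbox-home}"
PROXY_SOCK="${PROXY_SOCK:-${XDG_RUNTIME_DIR:-/tmp}/sandbox-bus-proxy}"

# proxy_cmd SOCKET NAME...: filtering proxy that only lets the sandbox talk to
# the listed bus names. With DRY_RUN set, print the argv one item per line.
proxy_cmd() {
    sock="$1"; shift
    # Rewrite each NAME in "$@" to --talk=NAME (append new, drop old).
    for name in "$@"; do set -- "$@" "--talk=$name"; shift; done
    set -- xdg-dbus-proxy "$DBUS_SESSION_BUS_ADDRESS" "$sock" --filter "$@"
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$@"; else "$@" & fi
}

# sandbox_cmd HOME_DIR SOCKET COMMAND...: run COMMAND with the system
# directories read-only, HOME_DIR mounted over $HOME, and the proxy socket as
# the only session bus. Nothing else from the host file system is visible.
sandbox_cmd() {
    home_dir="$1"; sock="$2"; shift 2
    bus="/run/user/$(id -u)/bus"
    set -- bwrap \
        --unshare-all --share-net --die-with-parent --new-session \
        --ro-bind /usr /usr --ro-bind /etc /etc \
        --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --proc /proc --dev /dev --tmpfs /tmp \
        --bind "$home_dir" "$HOME" \
        --bind "$sock" "$bus" \
        --setenv DBUS_SESSION_BUS_ADDRESS "unix:path=$bus" \
        "$@"
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}

# Usage: ./sandbox.sh COMMAND [ARGS...]
if [ "$#" -gt 0 ] && [ -z "${DRY_RUN:-}" ]; then
    mkdir -p "$SANDBOX_HOME"; rm -f "$PROXY_SOCK"
    proxy_cmd "$PROXY_SOCK" org.freedesktop.Notifications; proxy_pid=$!
    until [ -S "$PROXY_SOCK" ]; do
        kill -0 "$proxy_pid" 2>/dev/null || exit 1
        sleep 1
    done
    sandbox_cmd "$SANDBOX_HOME" "$PROXY_SOCK" "$@"
    status=$?
    kill "$proxy_pid" 2>/dev/null
    exit "$status"
fi
```

Setting `DRY_RUN=1` and calling the two functions prints the exact argument vectors, which makes it easy to review what the sandbox will expose before running anything in it.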