Firejail Description
Firejail is a SUID that restricts the running environment for untrusted applications using Linux namespaces or seccomp-bpf. This reduces the risk of security breach. It allows processes and their descendants to have their private view of globally shared kernel resources such as the network stack. process table, mount table. The software is written in C and requires almost no dependencies. It runs on any Linux system with a 3.x kernel or newer. The overhead is low and the sandbox is lightweight. There are no configuration files to edit, socket connections are closed, and no daemons running in background. All security features are directly implemented in Linux kernel and accessible on any Linux computer.