Description
A sandboxing tool that uses Linux namespaces and related kernel features to restrict applications. It can limit filesystem access, networking, and other behavior for programs that are launched through it.
Use it when you want extra isolation for desktop or command-line applications. Sandboxing profiles need review because too much access weakens isolation and too little access can break apps.