Description
Restricts what an application can do by combining Linux sandboxing features such as seccomp, Landlock, and namespaces. It helps advanced users and administrators reduce filesystem, network, and system-call access for programs that should run with tighter boundaries.
Sandbox policy mistakes can either break applications or allow more access than intended. Test profiles carefully and do not treat sandboxing as a replacement for updates or trustworthy software.