I recently learned about nsjail, a utility to sandbox applications or provide workload isolation.
It seems to be lighter weight than firejail and possibly better suited for server applications.
Has anyone used this? What’s your experience with it? I’m curious about using it for my web server applications as an additional layer of Dr hotty.
I’ve never heard of nsjail, so I wouldn’t know. But there’s also bubblewrap which is used by Flatpak for sandboxing. It’s very small, although a bit annoying to use.
Bubblewrap seemed much less user friendly than nsjail, I assume because it is intended to be a lower level application used by libraries like flatpak. It is also more tailored to desktop applications and GUIs, whereas nsjail is focused on server apps (though I did see the author mentioning adding better support for GUIs years ago, but I did not check if that happened).