← Back to Topics

Linux Sandboxing Tools

Comments primarily recommend and compare Firejail with alternatives like bubblewrap, nsjail, Docker, and Flatpak for isolating and sandboxing applications on Linux using features like namespaces and seccomp.

➡️ Stable 0.9x Security

2,142

Comments

19

Years Active

5

Top Authors

#7047

Topic ID

Activity Over Time

2008

1

2009

4

2010

11

2011

14

2012

19

2013

39

2014

65

2015

110

2016

140

2017

117

2018

130

2019

130

2020

160

2021

227

2022

213

2023

222

2024

163

2025

319

2026

58

Top Contributors

nextos (26) yjftsjthsd-h (25) the8472 (25) viraptor (21) johnisgood (17)

Keywords

FD CPU FireJail FOSS BPF droid.org WebKit VLAN oasisfeng.com wordpress.com flatpak linux sandboxing selinux sockets sandbox freebsd kernel chromium isolated

Sample Comments

minimalist • Jan 8, 2020 • View on HN

Use firejail instead. They use similar features (namespaces, seccomp, etc.)

encryptluks2 • Sep 21, 2022 • View on HN

Isn't that what Docker, firejail, nsjail, flatpak and others already achieve...?

yjftsjthsd-h • Mar 11, 2024 • View on HN

Sure; take your pick: Firejail, flatpak/bubblewrap/bubblejail, docker/podman.

simcop2387 • Jul 4, 2021 • View on HN

For linux, check out firejail for isolating it.

yjftsjthsd-h • Sep 3, 2022 • View on HN

Sounds like you're asking for firejail or bubblewrap?

dbbolton • Aug 7, 2015 • View on HN

It can be with Firejail: https://l3net.wordpress.com/projects/firejail/

kworker • Jun 10, 2018 • View on HN

On linux you can use firejail if it's necessary (or a container if it's needed).

internet_points • Nov 14, 2025 • View on HN

Any references to how you use selinux? I've used bwrap and firejail, but I don't feel confident that I'm not leaving holes open?

natmaka • Dec 19, 2018 • View on HN

On Linux Firejail/Firetools offer such functionality.

sva_ • Apr 17, 2022 • View on HN

FireJail does at least some isolation