Just wanted to see what you guys think of firejail. Anyone tried it?

https://firejail.wordpress.com/

I started playing with it yesterday and I have to say, I am certainly impressed. The default profile when loading `firejail st` protects most of the stuff I was concerned about. I used st to load a shell as an example to see what I could access. It denied access to /boot, /sbin, sudo explicitly, .password-store, .gnupg, .ssh, sets ~/bin to read-only, and most of your config files get set to read-only as well. Like I said, running a shell in this firejail was only a test. I actually only run firefox, ssh ( client ), nodejs, nginx, surf, libreoffice, pidgin, and evolution in a firejail.

I was looking for something to protect my sensitive files from internet-facing applications, such as surf and firefox. So if something happened, it couldn't run away with my data. firejail seems to fit this bill rather nicely.

In fact, with the --private=dir switch, you can run the program in its own private home directory if you wanted to go that far.