Firejail is an easy-to-use security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux kernel security features. It restricts what files and directories an application can access in your home directory and what access it has to system directories and system resources. Firejail is ideal for use with web browsers, desktop applications, and daemons/servers alike.
Although I like many features of firejail, I didn’t install it on my computers because the option “-net” (unconnected network namespace) allows any user to pass by my firewall rules. Is there any way to install firejail and disable the option “-net” so that users cannot use it? While there is no way to ban users from using the option “-net”, I can’t use firejail. There could be a way to disable the option “-net” in the configuration file. Does anyone have any suggestions?
As root user, in a text editor open /etc/firejail/firejail.config and set “network no”, or set “restricted-network yes”.
Thanks for the answer. Setting “restricted-network yes” works for me.
I do not know where the file firejail.config is. In /etc/firejail there are only files xxxxx.profile or xxxxxx.disable.
Probably you are running an old version of firejail. Grab the latest from the Downloads section.
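An added example, not part of the comments above and not Firejail's own code: a small shell audit that reports whether a firejail.config leaves networking features open to ordinary users, restricts them to root (“restricted-network yes”), or disables them (“network no”), and that flags a missing file, the situation one commenter reports. The function names are hypothetical, the sample file is constructed, and the script assumes that `#` starts a comment and that the last uncommented occurrence of a key wins.

```shell
#!/bin/sh
# Added example: audit firejail.config for the two settings named in the thread.

# cfg_value FILE KEY -> prints the last uncommented value of KEY, or nothing.
cfg_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                  # strip comments (assumed "#" syntax)
        $1 == key && NF >= 2 { val = $2 }   # assumption: last occurrence wins
        END { if (val != "") print val }
    ' "$1"
}

# net_policy FILE -> prints one of: missing, disabled, root-only, open.
# Exit status: 0 = users cannot use networking features, 1 = open, 2 = no file.
net_policy() {
    [ -r "$1" ] || { echo missing; return 2; }
    if [ "$(cfg_value "$1" network)" = "no" ]; then
        echo disabled; return 0
    fi
    if [ "$(cfg_value "$1" restricted-network)" = "yes" ]; then
        echo root-only; return 0
    fi
    echo open; return 1
}

# write_sample PATH -> writes a constructed sample config (not a real one).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample: a commented-out default followed by an active setting
# network yes
restricted-network yes
EOF
}

# When given a path, audit that file, e.g.:
#   sh audit.sh /etc/firejail/firejail.config
if [ -n "${1:-}" ]; then
    net_policy "$1"
fi
```

A result of `missing` means there is no config file to enforce either setting, so the check should be repeated after upgrading.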