sandbox to restrict the application environment

 Firejail is a SUID security sandbox program that reduces the risk of
 security breaches by restricting the running environment of untrusted
 applications using Linux namespaces and seccomp-bpf. It allows a
 process and all its descendants to have their own private view of the
 globally shared kernel resources, such as the network stack, process
 table, mount table.