Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups.

$ firejail firefox # starting Mozilla Firefox

$ firejail transmission-gtk # starting Transmission BitTorrent

$ firejail vlc # starting VideoLAN Client

$ sudo firejail "/etc/init.d/nginx start && sleep inf"