"Firejail has far too large attack surface and is suid root, which has resulted in plenty of privilege escalation vulnerabilities. https://seclists.org/oss-sec/2017/q1/25 https://www.cvedetails.com/vulnerability-list.php?vendor_id=16191&product_id=0&version_id=0&page=1 Also see this thread in which I have more arguments and the firejail devs themselves acknowledge it adds substantial attack surface https://github.com/netblue30/firejail/issues/3046" I think madaidan wrote this