I've recently written a sandboxing suite and have been using it on my Arch desktop install. It handles a lot of boring setup stuff transparently, and I thought it could be useful to others.
Repo: https://github.com/darrenldl/sandboxing
Main features:
- Private home for programs
- Shell interpreter access is removed in the sandbox
- Access to number of binaries is minimized (via bubblewrap and AppArmor)
- Fairly strict seccomp filters are supplied to bubblewrap
- Fairly strict AppArmor profiles are generated
The README "Profiles" section contains an overview of profiles ready to be used.