Firejail/firetools are included by default in the Whonix Anonymous OS distro (just jealousy from parrot), but recently a discussion appeared claiming that Firejail is worsening the security of the OS, and I will copy (with rearranging) the arguments here:
- High rate or hole of privilege escalations: references CVEs and Seclist discussion.
- Firejail's bulky code and complexity increase security threats and attack surface
- Review from bubblewrap/flatpak maintainer Simon McVittie: here
- Review from a security guy like Daniel Micay: here
and thus the sandboxing tool to be used, if any, is Bubblewrap. (The full discussion can be found here.)
^^^ These are the arguments posted in our forums. I hope the replies are going to be technically based on this issue, because this is not a matter of opinion but rather a technical security outcome. cc @palinuro