Sandboxing in systemd? I would’ve shown my (somewhat manual) method but then I was strolling through the GitHub and saw shh (systemd hardening helper). It uses strace to generate suggestions. You’ll need to be extremely careful; playing inside a sandbox summons debugging hell. I tried it briefly. Plug it into whatever wild abstraction. Happy sandboxing.
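The idea of deriving sandbox options from a syscall trace, as an added illustration (not code from shh or from this post, and not shh's own logic): a Python function that reads strace-style output and proposes systemd hardening directives. The sample trace, the `suggest` function and the `myapp` paths are constructed for this example.

```python
import re

# Constructed strace -f style output; not captured from a real service.
SAMPLE_TRACE = """\
1234 openat(AT_FDCWD, "/etc/myapp.conf", O_RDONLY|O_CLOEXEC) = 3
1234 openat(AT_FDCWD, "/var/lib/myapp/state.db", O_RDWR|O_CREAT, 0644) = 4
1234 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 5
1234 socket(AF_UNIX, SOCK_STREAM, 0) = 6
1234 openat(AT_FDCWD, "/home/alice/.cache/x", O_RDONLY) = -1 ENOENT (No such file or directory)
1234 write(4, "x", 1) = 1
"""

OPEN_RE = re.compile(r'\bopen(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)')
SOCKET_RE = re.compile(r'\bsocket\((AF_[A-Z0-9_]+)')
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}


def suggest(trace: str) -> list[str]:
    """Map observed file and socket syscalls to systemd unit directives."""
    written_dirs, families, touched_home = set(), set(), False
    for line in trace.splitlines():
        if m := OPEN_RE.search(line):
            path, flags = m.group(1), set(m.group(2).split("|"))
            # A failed attempt still counts: the program wants that path.
            if path.startswith(("/home/", "/root/")):
                touched_home = True
            if flags & WRITE_FLAGS:
                written_dirs.add(path.rsplit("/", 1)[0] or "/")
        elif m := SOCKET_RE.search(line):
            families.add(m.group(1))

    # Start from a read-only file system and re-open only what was written.
    opts = ["ProtectSystem=strict"]
    opts += [f"ReadWritePaths={d}" for d in sorted(written_dirs)]
    if not touched_home:
        opts.append("ProtectHome=yes")
    if families:
        opts.append("RestrictAddressFamilies=" + " ".join(sorted(families)))
    else:
        opts.append("PrivateNetwork=yes")
    return opts


if __name__ == "__main__":
    print("[Service]")
    print("\n".join(suggest(SAMPLE_TRACE)))
```

A trace only covers the code paths exercised during the run, so directives derived this way can break a rarely used path later; `systemd-analyze security <unit>` scores the resulting unit once the options are in place.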