Hacker News

nextos 11/09/2024 (2 replies)

> There's no security model for desktops that works well.

Don't you think that something which combines ideas from Firejail and Guix containers could be good enough?

For those who have not used Firejail, it is a sandbox that comes with default security profiles for most popular Linux binaries, so it's pretty unobtrusive. Say you want to run Firefox: Firejail limits Firefox's access to ~/.mozilla and ~/Downloads by default. So, in case Firefox is compromised, attackers can't steal things from other $HOME directories like ~/.ssh.

On the other hand, Guix lets you launch ephemeral shells, like Nix, with any combination of packages. Unlike Nix, it provides a very convenient set of flags to sandbox the shell in terms of network, files, etc. This is handy for development tasks where you would like to have fine-grained capabilities.
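The following is an added example, not code from nextos's post or from the Firejail or Guix projects. It checks the property described above from the outside: a sentinel file is created in $HOME outside the two directories the browser is allowed to see, and a tiny probe command is run under each sandbox to see whether that file is still reachable. The sentinel path, the exact flag sets, and the choice of `bash` as the package pulled into the Guix container are this example's own assumptions; the Firejail flags (`--whitelist`, `--noprofile`, `--quiet`) and the Guix flags (`--container`, `--no-cwd`, `--expose`, `--share`) are the tools' real options.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Firejail/Guix projects:
# check that a sandbox really hides the parts of $HOME that the post says a
# Firejail profile hides (everything except ~/.mozilla and ~/Downloads).
# The sentinel path and the exact flag sets below are this example's choices.

# Sentinel file outside the directories the browser is allowed to see.
SENTINEL="${SENTINEL:-${HOME:-/tmp}/.sandbox-probe-$$}"

make_sentinel() {
    : > "$SENTINEL"
}

# probe_visible [WRAPPER...]: run a small test command under WRAPPER (or
# unwrapped when no WRAPPER is given) and print one of:
#   error   - the wrapper itself could not start (no verdict)
#   visible - the sentinel is reachable inside the sandbox (confinement failed)
#   hidden  - the sentinel is not reachable inside the sandbox
probe_visible() {
    if ! "$@" sh -c 'true' 2>/dev/null; then
        echo error
        return 0
    fi
    if "$@" sh -c "test -e '$SENTINEL'" 2>/dev/null; then
        echo visible
    else
        echo hidden
    fi
}

main() {
    make_sentinel
    # Control: with no sandbox the sentinel must be visible, otherwise the
    # probe itself is broken and a "hidden" verdict would mean nothing.
    printf 'unsandboxed: %s\n' "$(probe_visible)"

    if command -v firejail >/dev/null 2>&1; then
        # Same whitelist the post describes for Firefox; --noprofile keeps
        # Firejail's default profile from adding restrictions of its own, so
        # the verdict reflects only the whitelist.
        printf 'firejail:    %s\n' "$(probe_visible firejail --quiet --noprofile \
            --whitelist="$HOME/.mozilla" --whitelist="$HOME/Downloads")"
    fi

    # Guix container with the same two directories mapped in (.mozilla
    # read-only, Downloads writable). Opt-in via PROBE_GUIX=1 because guix
    # may have to fetch the bash package first.
    if [ "${PROBE_GUIX:-0}" = 1 ] && command -v guix >/dev/null 2>&1; then
        printf 'guix shell: %s\n' "$(probe_visible guix shell --container --no-cwd \
            --expose="$HOME/.mozilla" --share="$HOME/Downloads" bash --)"
    fi

    rm -f "$SENTINEL"
}

main
```

An "error" verdict means the wrapper never ran (for example Firejail refusing to start inside an unprivileged container, or Guix rejecting `--expose` of a ~/.mozilla that does not exist), not that the file was hidden; only a "hidden" verdict after a "visible" control run says anything about confinement. The Guix line uses `--no-cwd` deliberately: `guix shell --container` shares the current directory by default, so running the probe from $HOME without it would map the sentinel back in.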


Replies

prmoustache 11/09/2024

Jails are fine and nice but always get in your way when you expect to do things as you would on a desktop and you want a computer and not a software appliance like iOS.

Just look at how many flatpaks are distributed with broad insecure access, how many workarounds have to be made with apps to work when reasonably jailed, the presence of tools like flatseal.

hollerith 11/09/2024

Firejail uses "Linux container" technology (term?), which is not that secure. Better is using selinux to confine the browser, like Android and ChromeOS do.

(Fedora and Red Hat have selinux, too, but the focus is on server security: there is no attempt to confine browsers in the selinux rules that ship with Fedora and Red Hat.)
