Hacker News

nextos 11/09/2024

For me the interesting part of Firejail is the interface. bwrap is usually recommended as a replacement given that the binary is smaller and thus offers less attack surface, which I think is the usual concern. Firejail employs kernel user_namespaces, but also offers integration with AppArmor.


Replies

hollerith 11/09/2024

>the binary is smaller and thus offers less attack surface, which I think is the usual concern.

Another concern is the huge attack surface that is the Linux kernel.
