Security is layers, i utilize apparmor and firejail personally. And in fact 90% of widespread malware specifically relies on lazy people. Often targets default passwords etc
If you are relying on community sandboxing profiles and not making your own, i can understand why Firejail is interesting as a choice because of its large community.
If you are making your own, consider checking out Bubblewrap (available on most Linux systems), Bubblejail), Crablock, and Sydbox, which all use unprivileged sandboxes.
Security is layers, i utilize apparmor and firejail personally. And in fact 90% of widespread malware specifically relies on lazy people. Often targets default passwords etc
Firejail is a large SETUID binary which can (and has) aid in privilege escalation. It is recommended to avoid it for this reason.
See: https://madaidans-insecurities.github.io/linux.html#firejail
If you are relying on community sandboxing profiles and not making your own, i can understand why Firejail is interesting as a choice because of its large community.
If you are making your own, consider checking out Bubblewrap (available on most Linux systems), Bubblejail), Crablock, and Sydbox, which all use unprivileged sandboxes.