Btw, I mentioned libvirt-sandbox on #freedombox, and was tipped about firejail, which seem to do a similar task. Are you aware of firejail? Do you know how libvirt-sandbox is different from firejail? Firejail is in unstable and testing already, and was possible to backport with a hack to add some missing kernel call constants. -- Happy hacking Petter Reinholdtsen