Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For executables on Linux there are things like bubblewrap or firejail. One can also use a restrictive container. But those are strictly weaker than browser sandboxes.

The most secure way presently is to use qubes-os that allows to use a very hardened VM to run individual applications.



Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: