$ bwrap --unshare-net --dev-bind / / bash $ curl google.com curl: (6) Could not resolve host: google.com
https://wiki.archlinux.org/title/Bubblewrap
https://wiki.archlinux.org/title/Firejail
The only minor counter-argument would be laziness as a security threat: the more difficult you make the process, the more likely the user will skip seemingly useless steps, thus compromising security.
The only minor counter-argument would be laziness as a security threat: the more difficult you make the process, the more likely the user will skip seemingly useless steps, thus compromising security.