r0l1

Hi all, I am a long follower of Hacker News and finally this is my first question. Just setting up a new laptop and I do want to isolate my webbrowser from the rest of the system. I used firejail for this task, but have read some points against it (Executed as root?). Flatpak has its own sandbox and might be better isolated. However I must trust different packagers and flatkill looks scary. The best isolation would be offered by a seperate VM, but this requires a shared folder setup and might be not as straightforward... I am keen to hear more about your setups and how you accomplish this task. Thanks!