How can I restrict the file system permissions of an application?
Normally, if you don’t have a SELinux profile, that app, under the same user can do pretty much everything, if the FS permissions allow.
Is AppArmor the right solution to avoid this sort of risk?
Looking online, it looks a bit raw… Too many manual actions to make it work.
I’m searching for a solution to sandbox every app I use, mainly the browser, the most improtant attack vector for me.