I want to run a shell script that might open my browser to a specific website. I don’t want the page to load when this happen. But I cannot switch off my internet access also (as I use the internet to remotely access another system at the same time). So I am planning to isolate the run time environment for the shell script.
I an on Arch and I used to use a AUR package called bubblejail to do this. But with the whole AUR security fiasco, I am not trusting any packages from AUR. I can switch to another distro if needed, like Rocky or something.
So my requirement is, Internet sandboxing for a terminal and the processes it spawns. Preferably using flatpak commands.
Edit: I tried disabling the internet usage for a terminal from Flathub using Flatseal. Sure I cannot curl after this, but when I launch my browser using it, it had Internet access.
Yet again a reminder that flathub solves a problem most people don’t have, and most users het confused with what it does.
We have had granular permissions for users on systems for 50 years, and virtual machines for 30 years, yet people keep using the wrong tool for the job just because the wrong tools keep getting popilar for some damn reason.
OP you are using your flatpack terminal wrong, the processes it launches do not inherit the constraints, or at least are not forced to follow them. Use a separate user account for that.