rms asked me about sandboxing icecat. I recommended some documentation like this: "We recommend that you use a sandbox package with Icecat. Which one depends on what package you already use and what is supported with your version of Icecat on your distro. For the upstream Icecat, a recent version of Firejail is probably the easiest to setup. For Icecat distributed in a distro, apparmor or selinux are probably easiest."
But he suggested that most people wouldn't do anything because it's difficult and vague, and that it should be setup to work out of the box. I'm thinking some distros do have it sandboxed out of the box, maybe fedora and ubuntu? -- Ian Kelling | Senior Systems Administrator, Free Software Foundation GPG Key: B125 F60B 7B28 7FF6 A2B7 DF8F 170A F0E2 9542 95DF https://fsf.org | https://gnu.org -- http://gnuzilla.gnu.org
