@juancarlospaco Thanks!
firejail seems to do _much_ more than I want, and from reading a bit about the Nim package and the underlying library, I must admit that I don't even understand how I would apply it to my use case. I only want to call the external process from a small command line program. (That said, my program won't be executed by the user directly, but implicitly from another program the user runs. I can elaborate on this if you're interested.)
