I want to run a shell script that might open my browser to a specific website. I don’t want the page to load when this happen. But I cannot switch off my internet access also (as I use the internet to remotely access another system at the same time). So I am planning to isolate the run time environment for the shell script.
I an on Arch and I used to use a AUR package called bubblejail to do this. But with the whole AUR security fiasco, I am not trusting any packages from AUR. I can switch to another distro if needed, like Rocky or something.
So my requirement is, Internet sandboxing for a terminal and the processes it spawns. Preferably using flatpak commands.
Edit: I tried disabling the internet usage for a terminal from Flathub using Flatseal. Sure I cannot curl after this, but when I launch my browser using it, it had Internet access.
There is likely a less complicated way to do it but sudo to another user account and then run it with the protection. This way it can’t reach your web browser. Or - I don’t know if your program can do it, but Firejail certainly can - hide browser binaries and xdg-open from it, but I don’t know how effective this will be against your particular script.
If you don’t trust something maybe don’t run it on your main OS?