netblue30
Showing with 6 additions and 0 deletions.

+6 −0 Frequently-Asked-Questions.md
diff --git a/Frequently-Asked-Questions.md b/Frequently-Asked-Questions.md
@@ -5,6 +5,7 @@
 * [How does it compare with AppArmor?](#how-does-it-compare-with-apparmor)
 * [How does it compare with Docker, LXC, nspawn, bubblewrap ?](#how-does-it-compare-with-docker-lxc-nspawn-bubblewrap)
 * [What is the overhead of the sandbox?](#what-is-the-overhead-of-the-sandbox)
+* [Can I sandbox a full OS?](#can-i-sandbox-a-full-os)
 
 ## Applications
 * [Firefox doesn’t open in a new sandbox.](#firefox-doesnt-open-in-a-new-sandbox-instead-it-opens-a-new-tab-in-an-existing-firefox-instance)
@@ -86,6 +87,11 @@ Comparison of Firejail features vs. bubblewrap:
 
 The sandbox itself is a very small process. The setup is fast, typically several milliseconds. After the application is started, the sandbox process goes to sleep and doesn’t consume any resources. All the security features are implemented inside the kernel, and run at kernel speed.
 
+## Can I sandbox a full OS?
+
+The idea so far was to target specific applications, such as Firefox and Chromium, or closed source apps like Steam and Skype. We are moving in the direction of sandboxing a full OS, but it will take some time to get there.
+
+
 <div style="height:20px;">&nbsp;</div>
 
 # Applications