I didn't know about firejail up to now, but this small guide on how to use it to sandbox ffmpeg on Linux seems like useful #mastoadmin advice: https://serenitylabs.cloud/using-firejail-to-sandbox-ffmpeg-in-mastodon
I don't have the impression this can even work, but maybe I'm missing something important.
See comment to the issue that the author of that blog post created, at https://github.com/tootsuite/mastodon/issues/8648#issuecomment-419673233
@galaxis When people try to make the sandboxing argument with snaps, I tell them about about this wonderful combo called "apt" and "firejail." I don't care how easy snap is supposed to make things for developers, the user should always come first, which many forget that not all people choose #Linux for the programming but actual every day desktop use. Snaps, flatpacks, and AppImages are some of the most selfish package management formats Linux has come up with in a long time.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!