@drq, after a brief look at the kernel module, I suggest you do not use it :)
An application-level firewall for GNU/Linux is one of the projects on my long TODO list, by the way. I've already designed the architecture (KISS as usual), but haven't found time to implement it yet.
So far you can use https://github.com/jollheef/appvm; there's an option to run an application offline, e.g.: `appvm start evince --offline`.
@dump_stack cool, but I was looking for something like Little Snitch, which will catch everything leaving my system
@drq, yes, Little Snitch rocks. Unfortunately, I haven't found any useful implementations for GNU/Linux.
Without improvements to user-space integrity checks, all that stuff is useless, because if you're able to just replace the binary at the path with your own then... you know.