Ok - thanks.
The problem is though:
- bubblewrap is currently incompatible with any Qubes VM, meaning the alpha Tor sandbox doesn’t work in straight Debian VMs or Whonix VMs in Qubes-Whonix (see Patrick’s efforts); and
- 32 bit binaries are no longer being built for the alpha Tor sandbox, which I thought meant that this will now be incompatible with 32-bit non-Qubes-Whonix.
Thus, Firejail is the only working solution for Qubes-Whonix & non-Qubes-Whonix currently. I don’t expect either of these problems will be solved anytime soon (bubblewrap & 64-bit non-Qubes-Whonix).
See here: