- How to make it run inside a "network jail" where all networking is disabled for a particular process? I am thinking of something like "seccomp-bpf" that is also used in Bitcoin Core but again, there must already be some kind of package for this.
- In the same vein, how can USB, serial/parallel ports, and direct peripheral access be disabled for that particular program?
Run it inside a certain sandbox/"jail", such as chroot. But at this point, I'd recommend people use a VM instead unless they're Linux experts or have lots of free time for trial and error.
I'd say I should make a VirtualBox VM that has just Waydroid on some Linux distro running the Airgap Vault; Anbox is very buggy, and Genymotion doesn't even start for me. Although Waydroid itself is not playing well on my Ubuntu box as I just wrote, hence the need for a VM...
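The seccomp-bpf idea raised in the question, as an added example that is not from any poster in this thread: a small launcher that makes socket creation fail with EPERM for the program it executes. The names `deny_new_sockets` and `socket_errno_when_jailed` are hypothetical, and the code assumes Linux on x86-64 or aarch64 with kernel headers 5.1 or newer. Sockets that are already open or inherited keep working, and USB or serial device access is not covered by this filter.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#ifdef __aarch64__
#define JAIL_ARCH AUDIT_ARCH_AARCH64
#else
#define JAIL_ARCH AUDIT_ARCH_X86_64 /* assumption: anything else is x86-64 */
#endif
#define DENY(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                 BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Hypothetical helper: from now on, creating a socket fails with EPERM. */
int deny_new_sockets(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, JAIL_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS), /* foreign ABI */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JGE | BPF_K, 0x40000000, 0, 1), /* x32 numbers */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        DENY(__NR_socket),
        DENY(__NR_io_uring_setup), /* io_uring can create sockets as well */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    /* Needed to install a filter without root; the filter cannot be removed. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Self-check: errno that socket() yields in a filtered child, -1 on failure. */
int socket_errno_when_jailed(void) {
    int st;
    pid_t pid = fork();
    if (pid == 0)
        _exit(deny_new_sockets() ? 255 : socket(AF_INET, SOCK_STREAM, 0) < 0 ? errno : 0);
    if (pid < 0 || waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(int argc, char **argv) {
    if (argc < 2 || deny_new_sockets() != 0) return 2;
    execvp(argv[1], argv + 1); /* the filter is inherited across exec and fork */
    return 127;
}
```

Built as `nonet`, it is invoked as `./nonet program args...`; the wrapped program and all of its children see `socket()` fail.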