- How can we securely erase the working data while AirGap Wallet is exiting? Remember that filesystems don't overwrite files in-place so merely writing random data won't work. There must be some kind of package for this. Even better would be some program that makes a temporary, encrypted filesystem before AirGap starts - probably connected by FUSE or something. At least that way, the working directory is scrambled even if the system loses power.
How about creating a ramdisk and putting the app's working directory into it?
- How to make it run inside a "network jail" where all networking is disabled or a particular process? I am thinking of something like "seccomp-bpf" that is also used in Bitcoin Core but again, there must already be some kind package for this.
- By the same vein, how can USB, serial/parallel ports, and direct peripheral access be disabled for that particular program?
Easiest way I know would be a VM (or simpler: docker container) without peripheral and network access.