Please add/install Firejail with the empty file /etc/firejail/firejail.users. At least for versions 0.9.54 and up this will allow root to use Firejail and provide users with an informational message as to how they can, if indeed they are superusers, add themselves to this file in order to use Firejail. Otherwise Firejail assumes all users have superpowers. If root wants all users to use Firejail, they can then actively delete /etc/firejail/firejail.users; I think this is better than passively granting all users superpowers when the package is installed.
Disregard my suggestion to limit options using /etc/firejail/firejail.config. The config file does not provide enough controls to limit superuser activities. For example (and this is another example of an issue with the default): using Firejail any user can join any control group using the --cgroup option, therefore overriding certain system controls; the config file does not (at this time) provide means to limit this. Hopefully this is an acceptable quick fix to this issue? (for Buster+ and Stretch-backports) Thank you.
