Firejail lets me pick a network namespace and filter dbus through xdg-dbus-proxy.
Firejail has application profiles which allow local customizations and global customizations by a user. I guess firejail can be used inside guix shell --container that --shares and --exposes everything, but I haven't tried firejail inside guix shell --container. The ability to pick a network namespace is important for me. Filtering dbus is good. I don't know whether guix shell --container can have profiles. If you are curious of what a firejail profile can do, you can check https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template
