* Read access to most of the filesystem
** Excludes themes/GTK configuration, fonts, shared data and libraries
| Level 4 ||
* Network access including local sockets
** Excludes X11 socket
* System V IPC
* Uses chroot jail
* Uses Unprivileged User Namespaces (if available)
|}