Hi, CTO of Safing here.

Unfortunately that would not make sense, as the Portmaster needs to access many OS interfaces in order to integrate correctly. Dockers job is pretty much to remove access to these.

However, the systemd service actually uses restrictions as far as possible.

A headless web client in general then. Seems to only be electron from what I can see

Electron only wraps the UI. All important logic is in other components.

You can access the UI via the web browser at 127.0.0.1:817 if you have the Development Mode enabled.

You can also use API Keys, but we’re still working on improving the UX with them.

Find the details in the settings reference: https://docs.safing.io/portmaster/settings