What are the pros and cons of sudo/pkexec to a system user versus sandboxing such as with Firejail from a security standpoint?

Thank you

Is this your homework?

Why would this be relevant ?!?!
But no it is not homework.

For example, I am trying to isolate Jitsi.
In my view there is too much risk in letting it run without isolation.
I've been able to run Jitsi as a system user (using pkexec) but I've not been able to firejail Jitsi.
It just doesn't launch under different configurations.
Worse, there is nothing in the logs pointing to what the error would be.
I've already spent many hours trying to get this to work.
I don't like to end up on a failure, but at the same time I have better use of my time.

What will I lose if I don't pursue the Firejail route?

what?
you mean as root/sudo?
that can't be right.

You could use apparmor for that. However it lacks the ability to isloate network traffic so if you used sudo to run it under a different unprivileged user and group then you could supplement it with iptables.

probably you can try this: https://github.com/robertoandrade/docker-jitsi-meet - if I understand well.

Thank you turbocapitalist

That's what I've done:

useradd --system -s /usr/sbin/nologin -d /home/jitsi jitsi

pkexec -u jitsi env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY /usr/bin/jitsi %u

I've adjusted iptables for the user jitsi

This works except for the warning:
"could not determine how to handle %u"

But my original question remains unanswered:
How "firejail jitsi" (if this worked) differ from what I have above?
Also why would running apparmor+sudo be better than what I have above?
Would this produce better security? If yes, why?