Yes, firejail is awesome, but you can only block writes to directories. What I'm looking for is an option to redirect all writes to a single directory. This should be transparent (the app still might think it is writing willy-nilly, but in reality all writes would be redirected, let's say, to ~/app).
I'm pretty sure you actually can do this with firejail, see: `--overlay` and `--overlay-named`. For some reason it looks like these are hardcoded (yay, UNIX culture!) to point to `$HOME/.firejail/<progname or name>`.
PS: Coincidentally, I was just starting to use Linux firejail on a daily basis... very, very useful.