Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

question: how can i sandbox a DE #1178

Closed
nyancat18 opened this issue Mar 29, 2017 · 4 comments
Closed

question: how can i sandbox a DE #1178

nyancat18 opened this issue Mar 29, 2017 · 4 comments
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required

Comments

@nyancat18
Copy link
Contributor

how can i sandbox a desktu? (lxde/xfce) ?

just like a docker

@chiraag-nataraj
Copy link
Collaborator

One easy way is to run it within a restricted login shell. Just keep in mind that anything you launch within that DE would then be jailed by the profile of the DE rather than the profile of the program. Why sandbox the entire DE?

@reinerh
Copy link
Collaborator

reinerh commented Mar 30, 2017

I also don't think it's a good idea.
You would have to use a profile that is so permissive that all your programs started inside the DE still work.
Better individually jail your applications.

@reinerh reinerh added the information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required label Mar 30, 2017
@Fred-Barclay
Copy link
Collaborator

Make that three of us who don't think it's a good idea. 😉 Any profile that could jail a DE and still allow all your programmes to work would probably be a very weak profile.

@netblue30
Copy link
Owner

I would stay away, the profile will be too permissive. There is a /etc/firejail/openbox.profile, mainly used or x11=xephyr if you want something to start from if you build your own profile.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
information_old (Deprecated; use "doc-todo" or "needinfo" instead) Information was/is required
Projects
None yet
Development

No branches or pull requests

5 participants