1 |
This weekend I tried Sakaki's excellent guide to running Firefox in a |
2 |
sandbox [1]. For the most part I religiously followed the guide, except: |
3 |
|
4 |
- being on a desktop I was not too interested in setting up the bridge |
5 |
needed for WLAN; since it did not work out-of-the-box (possibly due to |
6 |
my config already running shorewall), I ditched that part and run |
7 |
'firejail --net=xxx ...' |
8 |
|
9 |
- I'm running firefox-bin so I could not follow the USE=-gmp-autoupdate part |
10 |
|
11 |
- minor stuff related to Xfce vs GNOME, and some no longer present USE flags |
12 |
|
13 |
Seems to work fine, I'm just wondering if I should adapt my shorewall |
14 |
configuration to the different usage. My understanding is that Sakaki |
15 |
mainly uses it for the WLAN bridge and optionally to filter port 25 (for |
16 |
email spam prevention) so if I'm using a wired Ethernet I can safely |
17 |
skip this part, at least initially, anybody can confirm? |
18 |
|
19 |
Anybody else has had experience with this way of sandboxing? |
20 |
|
21 |
thanks, |
22 |
|
23 |
raffaele |
24 |
|
25 |
[1] |
26 |
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki's_EFI_Install_Guide/Sandboxing_the_Firefox_Browser_with_Firejail |