| 1 |
This weekend I tried Sakaki's excellent guide to running Firefox in a |
| 2 |
sandbox [1]. For the most part I religiously followed the guide, except: |
| 3 |
|
| 4 |
- being on a desktop I was not too interested in setting up the bridge |
| 5 |
needed for WLAN; since it did not work out-of-the-box (possibly due to |
| 6 |
my config already running shorewall), I ditched that part and run |
| 7 |
'firejail --net=xxx ...' |
| 8 |
|
| 9 |
- I'm running firefox-bin so I could not follow the USE=-gmp-autoupdate part |
| 10 |
|
| 11 |
- minor stuff related to Xfce vs GNOME, and some no longer present USE flags |
| 12 |
|
| 13 |
Seems to work fine, I'm just wondering if I should adapt my shorewall |
| 14 |
configuration to the different usage. My understanding is that Sakaki |
| 15 |
mainly uses it for the WLAN bridge and optionally to filter port 25 (for |
| 16 |
email spam prevention) so if I'm using a wired Ethernet I can safely |
| 17 |
skip this part, at least initially, anybody can confirm? |
| 18 |
|
| 19 |
Anybody else has had experience with this way of sandboxing? |
| 20 |
|
| 21 |
thanks, |
| 22 |
|
| 23 |
raffaele |
| 24 |
|
| 25 |
[1] |
| 26 |
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki's_EFI_Install_Guide/Sandboxing_the_Firefox_Browser_with_Firejail |
Archives