Sandboxing with Firejail

Posted Jan 22, 2016 23:42 UTC (Fri) by lsl (subscriber, #86508)
In reply to: Sandboxing with Firejail by raven667
Parent article: Sandboxing with Firejail

Which doesn't work with programs not explicitly written for this kind of model. Which makes it kinda useless for most of the things you'd want to contain. See "such a bastard as skype" above.

If open(2) doesn't work for opening a file, real-world utility is going to be limited.

Sandboxing with Firejail

Posted Jan 23, 2016 1:19 UTC (Sat) by raven667 (subscriber, #5198) [Link]

> Which doesn't work with programs not explicitly written for this kind of model.

Well sure, there is no such thing as a free lunch, you need to modify applications to support sandboxing in a user friendly way. The alternative is to bind mount the ~/Download directory in the sandbox but that is substantially more access.

Sandboxing with Firejail

Posted Jan 25, 2016 19:32 UTC (Mon) by drag (guest, #31333) [Link] (1 responses)

With something like skype... if it supports pusleaudio then configure pulseaudio to listen on a TCP socket, give skype the necessary ~/.pulse/ configuration file and cookie to connect to that socket. Run it in a Xvnc server since X11 networking is so problematic.

Should work even if it's ugly.

Sandboxing with Firejail

Posted Jan 26, 2016 2:24 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

You can try instructions here: http://askubuntu.com/questions/371687/how-to-carry-audio-...

I've tried it in the past to stream audio from my laptop, but the quality was not very good over the WiFi.