I am generally fairly wary of the amount of access software has on my computer. Consequently, I like to use firejail on Linux to sandbox a lot of applications. E.g. am I playing a single-player game from itch.io? It doesn't need access to my mount points, my home directory (beyond the game's own directory for the program, game files and save data) or to the network. Sometimes I am stunned by how much trust I put into random software back in 1998
It uses Linux namespace and seccomp-bfp.
An example command of what I might use would be:
$ firejail --net=none --disable-mnt --whitelist=/home/myuser/files/games/game_title/ ./game.shSome common programs have pre-existing profiles defined by firejail, like firefox, and those can be found in /etc/firejail. In the case of firefox, one notable change is access to your home directory: it gets restricted to just your downloads folder!
Keine Kommentare:
Kommentar veröffentlichen