Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
Operating Systems
ChromeOS & Linux
Which Linux OS best for everyday work?
Message
<blockquote data-quote="Victor M" data-source="post: 1109260" data-attributes="member: 96560"><p>firejail does it better. You can use the firefox-common.profile of the Fortified Ubuntu 24.04 hardening.PDF on fortifiedubuntu.org. The profile mentions apparmor, but it will work without it. For example while the SELinux allows firefox to see the whole /etc directory, firejail only allows it to see a limited subset of files. There are many restrictions laid down in that firefox-common.profile.</p><p></p><p>There should be some additional restrictions when you make your Fedora user account use the user_u SELinux user. But I didn't really investigate. One restriction I know exists for user_u is that that account couldn't sudo. I think SELinux defines 3 kinds of users, and user_u is the lowest ranking one. There is a xguest SELinux user which you should get if you install the xguest package, but that doesn't work on Fedora 40 - the installed Guest account can't login, perhaps it only works in Red Hat.</p><p></p><p>[EDIT] If you implement user_u, firejail will say there is an existing sandbox and run your program Without any firejail protection.</p></blockquote><p></p>
[QUOTE="Victor M, post: 1109260, member: 96560"] firejail does it better. You can use the firefox-common.profile of the Fortified Ubuntu 24.04 hardening.PDF on fortifiedubuntu.org. The profile mentions apparmor, but it will work without it. For example while the SELinux allows firefox to see the whole /etc directory, firejail only allows it to see a limited subset of files. There are many restrictions laid down in that firefox-common.profile. There should be some additional restrictions when you make your Fedora user account use the user_u SELinux user. But I didn't really investigate. One restriction I know exists for user_u is that that account couldn't sudo. I think SELinux defines 3 kinds of users, and user_u is the lowest ranking one. There is a xguest SELinux user which you should get if you install the xguest package, but that doesn't work on Fedora 40 - the installed Guest account can't login, perhaps it only works in Red Hat. [EDIT] If you implement user_u, firejail will say there is an existing sandbox and run your program Without any firejail protection. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
