Sandboxie?



N1LAF
01-01-2012, 10:22 AM
Anyone heard of this? Uses this?

http://www.sandboxie.com/

Investigating...

W4GPL
01-01-2012, 10:37 AM
I run my browser, by default, in a SELinux sandbox.. Google Chrome/Chromium has been trying to do this for quite some time. It's the right idea, but I feel like there are too many pitfalls in using an application level to protect you from system level problems. If that makes sense? This sort of thing should be and will be part of the OS sooner than later. There's no reason for a web browser to have access to most data on your system, but it does. Assuming 'sandboxie.com' is a trustworthy organization, it's probably a good stopgap.

WØTKX
01-01-2012, 10:46 AM
I am toying with the idea of re-upping my MCSE for the new Winders 8 world.

Partly in an attempt to find more lucrative employment (maybe) and partly so I can purchase MS Server a lot cheaper.

Hyper V works, MS needs to have a low cost version for the users... a virtual "safe" session for all browsing. :agree:

W4GPL
01-01-2012, 10:57 AM
Dave, you couldn't be living in a better market for IT-type folks. Especially if you want to roll the dice and go with a startup.

Though your talk of Windows does make me a little sick.. ;) </richard_stallman_syndrom>

n2ize
01-01-2012, 02:24 PM
I run my browser, by default, in a SELinux sandbox.. Google Chrome/Chromium has been trying to do this for quite some time. It's the right idea, but I feel like there are too many pitfalls in using an application level to protect you from system level problems. If that makes sense? This sort of thing should be and will be part of the OS sooner than later. There's no reason for a web browser to have access to most data on your system, but it does. Assuming 'sandboxie.com' is a trustworthy organization, it's probably a good stopgap.

I want to set up something similar using SELinux on Fedora but unfortunately my GUI configuration tools don't work. I think it might have to do with some sort of Python issue but I haven't identified it yet. Running it under "strace" I get some input/output errors + some errors about temporary resource unavailability but I haven't identified them yet. They were working originally but I guess at some update point something got broken. Unfortunately I haven't learned to configure it manually. I might just make do without it and wait until I upgrade to the latest version.

K7SGJ
01-01-2012, 03:34 PM
Anyone heard of this? Uses this?

http://www.sandboxie.com/

Investigating...


I tried it. The neighbor's cat shit on my computer.

W4GPL
01-02-2012, 03:08 AM
I want to set up something similar using SELinux on Fedora but unfortunately my GUI configuration tools don't work. I think it might have to do with some sort of Python issue but I haven't identified it yet. Running it under "strace" I get some input/output errors + some errors about temporary resource unavailability but I haven't identified them yet. They were working originally but I guess at some update point something got broken. Unfortunately I haven't learned to configure it manually. I might just make do without it and wait until I upgrade to the latest version.

You have to call your window manager directly now, because that's actually the application controlling the output. It's late & I'm on my tablet but I'd be happy to share the scripts I use to launch Chrome & Firefox in the morning.

W4GPL
01-02-2012, 03:17 AM
This presupposes your window manager is actually metacity.. I'm not sure if it works in other scenarios, but the concept should be the same..

sandbox -t sandbox_web_t -w 1200x1118 -W metacity -X firefox '%s'
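
A launcher built around the command above, as an added example that is not part of the original post and is not W4GPL's script. It refuses to start unless `getenforce` reports Enforcing (in permissive mode the `sandbox_web_t` policy is only logged, not enforced) and passes only http(s) URLs where the post has '%s'; the function names and the GETENFORCE and DRY_RUN variables are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper around the `sandbox` invocation quoted in the thread.
# Function names, GETENFORCE and DRY_RUN are hypothetical, not from the post.

# Print the sandbox argv, one argument per line.
# Usage: build_sandbox_args BROWSER URL [WIDTHxHEIGHT] [WINDOW_MANAGER]
build_sandbox_args() {
    sb_browser=$1 sb_url=$2 sb_geom=${3:-1200x1118} sb_wm=${4:-metacity}
    # Geometry must be exactly <digits>x<digits>.
    case $sb_geom in
        *[!0-9x]*|x*|*x|*x*x*) echo "bad geometry: $sb_geom" >&2; return 2 ;;
        *x*) ;;
        *) echo "bad geometry: $sb_geom" >&2; return 2 ;;
    esac
    # Only web URLs; file:// and other schemes are rejected.
    case $sb_url in
        http://*|https://*) ;;
        *) echo "refusing non-web URL: $sb_url" >&2; return 3 ;;
    esac
    printf '%s\n' sandbox -t sandbox_web_t -w "$sb_geom" -W "$sb_wm" \
        -X "$sb_browser" "$sb_url"
}

# Launch the browser in the sandbox, but only when SELinux is enforcing.
# GETENFORCE overrides the mode command; DRY_RUN=1 prints instead of running.
launch_sandboxed() {
    sb_mode=$(${GETENFORCE:-getenforce} 2>/dev/null) || sb_mode=unknown
    if [ "$sb_mode" != Enforcing ]; then
        echo "SELinux mode is '$sb_mode'; sandbox policy would not be enforced" >&2
        return 1
    fi
    sb_args=$(build_sandbox_args "$@") || return $?
    # Split the newline-separated argv back into positional parameters.
    sb_ifs=$IFS
    IFS='
'
    set -f; set -- $sb_args; set +f
    IFS=$sb_ifs
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        exec "$@"
    fi
}

# Example call (window manager defaults to metacity, as in the post):
#   launch_sandboxed firefox 'https://example.org'
```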

KC2UGV
01-02-2012, 10:32 AM
I thought ~/ is a sandbox... The only thing a user can do is make changes to ~/ and /tmp

But, what do I know?

K7SGJ
01-02-2012, 10:51 AM
I thought ~/ is a sandbox... The only thing a user can do is make changes to ~/ and /tmp

But, what do I know?


Now that you mention it, that's an excellent question. One that many of us have pondered for quite some time. :lol:

KC2UGV
01-02-2012, 10:53 AM
Now that you mention it, that's an excellent question. One that many of us have pondered for quite some time. :lol:

Every day I'm finding it's less and less :lol:

W1GUH
01-02-2012, 10:59 AM
Every day I'm finding it's less and less :lol:

"We grow too soon old and too late smart!"

Oh, man...the more OF'ness sets in the truer that gets!

K7SGJ
01-02-2012, 11:31 AM
Every day I'm finding it's less and less :lol:


I think it's been true all our life; it's just that as we age we gain the wisdom and the ability to honestly admit it.

n2ize
01-02-2012, 05:18 PM
Now I am totally con-fuzed. Maybe I'll just leave it as it is.. :)

W4GPL
01-02-2012, 06:28 PM
~ and /tmp are not a complete sandbox though I would argue it's better than what other operating systems do. A SELinux sandbox disallows access to potentially harmful plugs and essentially chroot's ~/.mozilla/firefox/blahblah.default. It's probably not necessary but it certainly does provide an extra level of protection.