Project Description

Running a web browser from your PC can cause all sorts of security or anonymity issues; e-g: content downloaded could be run automatically from your PC, resulting in disk encryption or other unpleasant events. It would be great if we could run most of this in a container so that we have as much of the web browser sandboxed, and limit the PC's exposure to security events.

So, we want to be able to run a sandboxed Firefox web browser inside a container. The web browser should [obviously] share the PC's display and provide sound. It should behave as if the browser was installed on the PC.

Goal for this Hackweek

Run a fully sandboxed Firefox web browser, on a PC that doesn't have Firefox installed.

Resources

Looking for hackers with the skills:

containers security

This project is part of:

Hack Week 22

Activity

  • 3 days ago: dfaggioli liked this project.
  • 6 days ago: nguyens added keyword "containers" to this project.
  • 6 days ago: nguyens added keyword "security" to this project.
  • 6 days ago: nguyens originated this project.

  • Comments

    • dfaggioli
      3 days ago by dfaggioli | Reply

      Sounds interesting. Tools like toolbox (https://github.com/openSUSE/microos-toolbox) and distrobox (https://github.com/89luca89/distrobox) achieve something like that. In fact, they do achieve the goal of running a browser (as well as pretty much any GUI app) from inside a container. They, however, are not meant for providing strong isolation (if any real "strong" isolation can even be provided with containers), so a lot of the host is shared inside of the container.

      This, of course, can be changed/restricted. Those project are not really interested in turning themselves into strong sandboxing solutions, but maybe they can be looked up, to take inspiration.

      For more information, see: https://github.com/89luca89/distrobox/issues/28 and/or: https://github.com/openSUSE/microos-toolbox/blob/master/toolbox#L197

      Note also that there are other similar tools (like Silverblue tlbox, written in Go instead than in bash), that it could be interesting to check.

    Similar Projects

    Improve Docker registry listing tool by rbranco

    Project Description

    [regview](https://git...


    Humidity sensors with dashboard by joachimwerner

    Build a network of ("edge") humidity sensors...


    Building a CNF solution for Edge environment by lizhang

    Project Description

    Network managemen...


    Image generation AI in container using Radeon GPU by tjyrinki_suse

    [comment]: # (Please use the project descriptio...


    Make iguana-workflow to support multiple container frontends by oholecek

    Project Description

    Iguana is an attempt ...


    Rancher Token Revoker by mbolot

    [comment]: # (Please use the project descriptio...


    Create tool for managing RPM package signing keys by dheidler

    [comment]: # (Please use the project descriptio...


    Force USB devices to be read from a virtual machine on a given PC by nguyens

    [comment]: # (Please use the project descriptio...