Project Description

Running a web browser from your PC can cause all sorts of security or anonymity issues; e-g: content downloaded could be run automatically from your PC, resulting in disk encryption or other unpleasant events. It would be great if we could run most of this in a container so that we have as much of the web browser sandboxed, and limit the PC's exposure to security events.

So, we want to be able to run a sandboxed Firefox web browser inside a container. The web browser should [obviously] share the PC's display and provide sound. It should behave as if the browser was installed on the PC.

Goal for this Hackweek

Run a fully sandboxed Firefox web browser, on a PC that doesn't have Firefox installed.

Resources

Looking for hackers with the skills:

containers security

This project is part of:

Hack Week 22

Activity

  • about 2 months ago: nguyens started this project.
  • 2 months ago: dfaggioli liked this project.
  • 2 months ago: nguyens added keyword "containers" to this project.
  • 2 months ago: nguyens added keyword "security" to this project.
  • 2 months ago: nguyens originated this project.

  • Comments

    • dfaggioli
      2 months ago by dfaggioli | Reply

      Sounds interesting. Tools like toolbox (https://github.com/openSUSE/microos-toolbox) and distrobox (https://github.com/89luca89/distrobox) achieve something like that. In fact, they do achieve the goal of running a browser (as well as pretty much any GUI app) from inside a container. They, however, are not meant for providing strong isolation (if any real "strong" isolation can even be provided with containers), so a lot of the host is shared inside of the container.

      This, of course, can be changed/restricted. Those project are not really interested in turning themselves into strong sandboxing solutions, but maybe they can be looked up, to take inspiration.

      For more information, see: https://github.com/89luca89/distrobox/issues/28 and/or: https://github.com/openSUSE/microos-toolbox/blob/master/toolbox#L197

      Note also that there are other similar tools (like Silverblue tlbox, written in Go instead than in bash), that it could be interesting to check.

    • nguyens
      about 2 months ago by nguyens | Reply

      Thanks a lot Dario! It worked out with a few tweaks to provide access to the X server and the DRI device files.

      • dfaggioli
        11 days ago by dfaggioli | Reply

        Mmm... Cool and interesting! Can I ask you which tricks?

    Similar Projects

    Containerfile / Dockerfile generator library by amanzini

    [comment]: # (Please use the project descriptio...


    K3S Control Planes as a service by ademicev0

    [comment]: # (Please use the project descriptio...


    Building a CNF solution for Edge environment by lizhang

    Project Description

    Network managemen...


    Containerized git server/client for playground and tutorials by mberti

    [comment]: # (Please use the project descriptio...


    Container images for building the Uyuni docs by juliogonzalezgil

    Project Description

    The Uyuni doc require...


    Sandboxed USB Inspection by nguyens

    [comment]: # (Please use the project descriptio...


    Rancher Token Revoker by mbolot

    [comment]: # (Please use the project descriptio...


    Create tool for managing RPM package signing keys by dheidler

    [comment]: # (Please use the project descriptio...