Project Description
Running a web browser from your PC can cause all sorts of security or anonymity issues; e-g: content downloaded could be run automatically from your PC, resulting in disk encryption or other unpleasant events. It would be great if we could run most of this in a container so that we have as much of the web browser sandboxed, and limit the PC's exposure to security events.
So, we want to be able to run a sandboxed Firefox web browser inside a container. The web browser should [obviously] share the PC's display and provide sound. It should behave as if the browser was installed on the PC.
Goal for this Hackweek
Run a fully sandboxed Firefox web browser, on a PC that doesn't have Firefox installed.
Resources
Looking for hackers with the skills:
This project is part of:
Hack Week 22
Comments
-
2 months ago by dfaggioli | Reply
Sounds interesting. Tools like toolbox (https://github.com/openSUSE/microos-toolbox) and distrobox (https://github.com/89luca89/distrobox) achieve something like that. In fact, they do achieve the goal of running a browser (as well as pretty much any GUI app) from inside a container. They, however, are not meant for providing strong isolation (if any real "strong" isolation can even be provided with containers), so a lot of the host is shared inside of the container.
This, of course, can be changed/restricted. Those project are not really interested in turning themselves into strong sandboxing solutions, but maybe they can be looked up, to take inspiration.
For more information, see: https://github.com/89luca89/distrobox/issues/28 and/or: https://github.com/openSUSE/microos-toolbox/blob/master/toolbox#L197
Note also that there are other similar tools (like Silverblue tlbox, written in Go instead than in bash), that it could be interesting to check.
-
Similar Projects
Containerfile / Dockerfile generator library by amanzini
[comment]: # (Please use the project descriptio...
K3S Control Planes as a service by ademicev0
[comment]: # (Please use the project descriptio...
Building a CNF solution for Edge environment by lizhang
Project Description
Network managemen...
Containerized git server/client for playground and tutorials by mberti
[comment]: # (Please use the project descriptio...
Container images for building the Uyuni docs by juliogonzalezgil
Project Description
The Uyuni doc require...
Sandboxed USB Inspection by nguyens
[comment]: # (Please use the project descriptio...
Rancher Token Revoker by mbolot
[comment]: # (Please use the project descriptio...
Create tool for managing RPM package signing keys by dheidler
[comment]: # (Please use the project descriptio...