This weekend I tried Sakaki's excellent guide to running Firefox in a
sandbox [1]. For the most part I religiously followed the guide, except:
- being on a desktop I was not too interested in setting up the bridge
needed for WLAN; since it did not work out-of-the-box (possibly due to
my config already running shorewall), I ditched that part and run
'firejail --net=xxx ...'
- I'm running firefox-bin so I could not follow the USE=-gmp-autoupdate part
- minor stuff related to Xfce vs GNOME, and some no longer present USE flags
Seems to work fine, I'm just wondering if I should adapt my shorewall
configuration to the different usage. My understanding is that Sakaki
mainly uses it for the WLAN bridge and optionally to filter port 25 (for
email spam prevention) so if I'm using a wired Ethernet I can safely
skip this part, at least initially, anybody can confirm?
Anybody else has had experience with this way of sandboxing?
thanks,
raffaele
[1]
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki's_EFI_Install_Guide/Sandboxing_the_Firefox_Browser_with_Firejail
