"mal content" <[EMAIL PROTECTED]> writes: > On 08/11/06, mal content <[EMAIL PROTECTED]> wrote: >> Hi. >> >> This is mostly hypothetical, just because I want to see how knowledgeable >> people would go about achieving it: >> >> I want to sandbox Mozilla Firefox. For the sake of example, I'm running it >> under my own user account. The idea is that it should be allowed to >> connect to the X server, it should be allowed to write to ~/.mozilla and >> /tmp. >> >> I expect some configurations would want access to audio devices in >> /dev, but for simplicity, that's ignored here. >> >> All other filesystem access is denied. >> >> Ready... >> >> Go! >> >> MC >> > > I forgot to add: Use of TrustedBSD extensions is, of course, allowed.
Putting an X Windows application in a sandbox is kind of silly. After all, X has to have direct access to memory. A virtual machine approach, with a whole virtual set of memory, might make more sense. I use that (via qemu), although not for exactly the same reasons. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
