On Sat, Dec 01, 2012 at 08:53:53PM -0800, Robert Connolly wrote: > Hello. > > In an effort to isolate Firefox (or any graphical browser) from my > user account, I have added a 'firefox' user and group, added > 'firefox' user to sshd_config to allow x11 forwarding, and ran the > following commands: > $ Xephyr :1 > $ ssh -Yf firefox@localhost firefox --display :1 > > This can be made nicer with a window manager, but I don't think that > is important here. > > From what I understand, this will prevent Firefox from having access > to my display, such as keystrokes and mouse movement. It will also > prevent Firefox from having access to my go-rwx files, and > modification permissions to my files. This sounds like all of the > isolation I want from Firefox, while still being able to use it. > > I would like to know if I am missing or forgetting anything. I don't > think a chroot for Firefox will gain me much. Other options include > using pf and systrace, but again I don't think this would gain me > much.
Newer Xephyr which is not in Xenocara yet offer resizable window. You an also share clipboard with little scripts between X servers. jirib
