On Tue, Jul 19, 2016 at 8:37 PM, pelzflorian (Florian Pelz)
wrote:
> On 07/19/2016 07:03 PM, Carsten Mattner via arch-general wrote:
>> This is a nice and useful project, but I think we could be served
>> better in the short term by having supported firejail profiles
>> for things like Firefox and LibreOffice that are easy to use.
>>
>
> Firejail is a different design with less filesystem isolation. We should
> have both, even in the long term. The more direct competitor to Firejail
> is Bubblewrap, not Flatpak/pacpak.
>
> That said, the documentation on Firejail on the wiki seems to contain
> the most important things. I’m not knowledgable enough about Firejail
> though. Network namespaces are missing in the wiki instructions. I don’t
> know if Firejail can restrict D-Bus access. In the past I could launch
> an unrestricted Nautilus from a Firejail’d Icecat, but apparently that
> no longer works. I don’t know enough about the advantages/disadvantages
> over Bubblewrap; apparently there is some disagreement about the scope,
> e.g. whether how Pulseaudio should be dealt with.
FWIW I couldn't get Firejail's Firefox profile to work.
What's the link for bubblewrap? It's such a generic term that it's
hard to look up.
