Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-12-05 Thread dan mclaughlin
On Mon, 30 Nov 2015 23:30:49 +0100 Lampshade wrote: > Thanks for answers. > @dan mclaughlin. But how to prevent attacker going out of chroot? as far as i am aware only root can break out of a chroot. as long as nothing runs as root, and there are no suid root this shouldn't

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-30 Thread Lampshade
Thanks for answers. @dan mclaughlin. But how to prevent attacker going out of chroot? Do you think that this is possible to prevent this using pledge(2)? Thanks for links. Especially Jonathan's "Re: making firefox less insecure" mail dated 2014-11-23 is worth reading for me. I wonder if

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread dan mclaughlin
On Sun, 29 Nov 2015 07:08:57 -0700 "Anthony J. Bentley" wrote: > Lampshade writes: > > Is it possible, in theory, to use pledge(2) to make something similar to > > fire > > jail? > > https://packages.debian.org/sid/main/firejail > > Firejail is a Gnu/Linux's program which

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread Anthony J. Bentley
Lampshade writes: > Is it possible, in theory, to use pledge(2) to make something similar to fire > jail? > https://packages.debian.org/sid/main/firejail > Firejail is a Gnu/Linux's program which executes Firefox as it's descendant > with reduced privilages. > For example I would like to restrict

Re: Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread Jiri B
On Sun, Nov 29, 2015 at 01:15:24PM +0100, Lampshade wrote: > Is it possible, in theory, to use pledge(2) to make something similar to > firejail? > https://packages.debian.org/sid/main/firejail > Firejail is a Gnu/Linux's program which executes Firefox as it's descendant > with reduced

Is it possible to use pledge(2) to make something similar to firejail?

2015-11-29 Thread Lampshade
Is it possible, in theory, to use pledge(2) to make something similar to firejail? https://packages.debian.org/sid/main/firejail Firejail is a Gnu/Linux's program which executes Firefox as it's descendant with reduced privilages. For example I would like to restrict Firefox to not write and read