Sandboxing
mal content
artifact.one at googlemail.com
Wed Nov 8 12:41:55 UTC 2006
On 08/11/06, mal content <artifact.one at googlemail.com> wrote:
> Hi.
>
> This is mostly hypothetical, just because I want to see how knowledgeable
> people would go about achieving it:
>
> I want to sandbox Mozilla Firefox. For the sake of example, I'm running it
> under my own user account. The idea is that it should be allowed to
> connect to the X server, it should be allowed to write to ~/.mozilla and
> /tmp.
>
> I expect some configurations would want access to audio devices in
> /dev, but for simplicity, that's ignored here.
>
> All other filesystem access is denied.
>
> Ready...
>
> Go!
>
> MC
>
I forgot to add: Use of TrustedBSD extensions is, of course, allowed.
More information about the freebsd-security
mailing list