You are not logged in.

#1 2010-02-02 19:33:37

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Sandfox - A Poor Man's Firefox Sandboxer

I have completed writing and pretty thoroughly testing this sandbox creator.  Written entirely in bash (1300 lines) and using only core commands like mount and chroot for sandbox creation, I believe it is quite secure and fills a niche for an easy to use sandbox for Firefox.  It can also create and use multiple sandboxes and can run any program in them with flexible profiles.

My design goals were to Keep It Simple, flexible, and secure.  In the simple department, you can create a sandbox and run Firefox in it with

sandfox firefox

Rather than repeating all that's on the website I'll just drop a link - which includes a fairly detailed "How It Works" section.  I appreciate feedback on your results with it, suggestions, problems, etc.  Particularly, I would like to know how the default Firefox profile runs Firefox on your machine.  I don't use KDE or Gnome themes in Firefox, so if you come up with a profile that enables these themes I'd appreciate a copy.  Try to keep the profile as constrictive as possible (for example, instead of putting all of ~/.kde in the sandbox, what specific folders and files are needed?)  The default Firefox profile should at least allow it to run.  And any other profiles you come up with for other programs would also be appreciated - I might include them in a future release.  Thanks!

As for security, if you can figure out how to break out of the sandbox I'll owe you a nickel.  smile

http://igurublog.wordpress.com/download … t-sandfox/
http://aur.archlinux.org/packages.php?ID=34261

Offline

#2 2010-02-02 20:04:27

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Also, if anyone can comment on the bare minimum files that chroot and su requires in /etc, /lib, and /bin I'd be interested.  I didn't have time to research it fully yet so included all of /etc in the jail, but I'd like to trim that down.  (Users are free to do so by editing the default profile.)  Thanks.

Offline

#3 2010-02-02 20:37:22

JohannesSM64
Member
From: Norway
Registered: 2009-10-11
Posts: 623
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

This is nice for those that want to run e.g. Skype but don't trust it smile

Offline

#4 2010-02-03 17:59:58

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

What a coincidence - i was just searching for something like sadbox and found this very fine script posted by you just yesterday big_smile
Anyway - it's working very good here, and even without themes this piece of software is very usefull.
Also my firefox profile has been red very well. Actually im writing this post in sadfox wink.
BIG thanks!

Last edited by Vi0L0 (2010-02-03 18:06:52)

Offline

#5 2010-02-03 21:15:37

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

What a coincidence - i was just searching for something like sadbox and found this very fine script posted by you just yesterday big_smile
Anyway - it's working very good here, and even without themes this piece of software is very usefull.
Also my firefox profile has been red very well. Actually im writing this post in sadfox wink.
BIG thanks!

Good to hear.  I've been running Sandfox for a few days and it's been solid.

You can probably get the theme to work without too much trouble - just a matter of adding a few binds to /etc/sandfox/firefox.profile if you can figure out where your themes are stored - probably in a subfolder of ~/.gnome2 or ~/.kde4.  I plan to look at this a little more when I get a chance.  I just found yesterday that Firefox gets its cursor theme from the Xdefaults file.  So that is one you can add... (in firefox.profile)

bindro=/home/$user/.Xdefaults

If you use gnome, you can look inside the ~/.gtkrc-2.0 file to see where the themes are stored.

I actually prefer Firefox with the default theme so I've never paid much attention to this.  Usually I focused on getting the theme to NOT work.  smile

Last edited by IgnorantGuru (2010-02-03 21:18:01)

Offline

#6 2010-02-04 17:50:49

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

1) less important: Well... it's not so easy to use themes here on kde... i have even

bind=/home/$user

firefox.profile but that wasn't it... i have tried gksu & kdesu, i have even moved su to kdesu in you sandfox script, but that wasn't it. Its more deeper. For now i don't know how to do this... I remember such problem with OpenOffice, and solution for it was to put something like:
export OOO_FORCE_DESKTOP=gnome
into /etc/profile.d/openoffice.sh

2) more important: I have changed my firefox.profile settings to:

bindro=/home/$user/.config/gtk-2.0
bindro=/home/$user/.esd_auth
bindro=/home/$user/.fontconfig
bindro=/home/$user/.gtkrc-2.0
bindro=/home/$user/.java
bindro=/home/$user/.mozilla
bindro=/home/$user/.Xdefaults   # for cursor theme, etc

so my home-directory shall be read-only. But why then if i will use sandfox firefox, open some pages, close firefox, even sandfox --closeall and then i run firefox normally (not sandfoxed) it's restoring session from the sandfox? Where is session saved? In memory? Or maybe its something with sandfox binding?

Last edited by Vi0L0 (2010-02-04 17:59:25)

Offline

#7 2010-02-04 19:06:26

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

1) less important: Well... it's not so easy to use themes here on kde... i have even

bind=/home/$user

firefox.profile but that wasn't it...

I would think that would do it, but I haven't looked at this yet, so I'll reserve comment until I have a chance to play with KDE and Firefox in this.

i have tried gksu & kdesu, i have even moved su to kdesu in you sandfox script, but that wasn't it.

No, I wouldn't recommend that.  You shouldn't need to change anything in the script to enable themes.  If you believe it's related to an environment variable, setup the sandbox then run firefox through sandfox as a user, as this should more reliably pass the environment variables through.  For example:

sudo sandfox --closeall
sudo sandfox --profile firefox
sandfox firefox

But I'll take a look at this too - I do have KDE to play with, although I don't have Gnome.

2) more important: I have changed my firefox.profile settings to:

bindro=/home/$user/.config/gtk-2.0
bindro=/home/$user/.esd_auth
bindro=/home/$user/.fontconfig
bindro=/home/$user/.gtkrc-2.0
bindro=/home/$user/.java
bindro=/home/$user/.mozilla
bindro=/home/$user/.Xdefaults   # for cursor theme, etc

so my home-directory shall be read-only. But why then if i will use sandfox firefox, open some pages, close firefox, even sandfox --closeall and then i run firefox normally (not sandfoxed) it's restoring session from the sandfox? Where is session saved? In memory? Or maybe its something with sandfox binding?

First, Firefox will not run if its ~/.mozilla folder is read-only, at least in my experience.  I would say at the very least you need to bind that one as bind=, not bindro=.  If you don't want it to alter your .mozilla folder when running from the sandbox, you could mount it as copy=.  Copy now has a hard-coded limit of 50MB though.  You could change that limit in the script if needed, or you could also add a copy= for firefox's cache, providing a total of 100MB.  Then any files in the tmpfs copy of ~/.mozilla will be destroyed on exit.

As for why the session is being saved, if you "bind=/home/$user" and "bindro=/home/$user/.mozilla", the bindro is performed first, and the bind is laid over it, thus giving Firefox read-write access to the folder (which is why it is running at all).  From the help page:

Order And Layers
Sandfox always processes all bindros, then binds, copies, and hides in this order. Note that a sandbox may consist of layers of binds, as in the /var/tmp example above.

Order is important because, for example, if you (read-write) bind your home folder, then bindro a subfolder, the subfolder WILL be read-write accessible (the bindro is performed first and the bind is laid over it). In this case you may want to bindro the home folder and bind subfolders and files which you want to be read-write accessible. It is helpful to test the sandbox filesystem you create before relying on its behavior.

BTW, version 0.9.2 is up now, which includes a few minor corrections and a smarter sandbox closure routine, so it's worth grabbing the update.  Also, just so you know, if you delete any default profile in /etc/sandfox, Sandfox will recreate it, so if you'd like to see the new defaults you can do so.  They haven't changed much from what you're using.

Thanks for your feedback - I'll have a little more info on the theme issue at some point.

Offline

#8 2010-02-04 19:54:32

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

IgnorantGuru wrote:
sudo sandfox --closeall
sudo sandfox --profile firefox
sandfox firefox

But I'll take a look at this too - I do have KDE to play with, although I don't have Gnome.

This command works and looks more clean so i will use it, althought there is still no theme.

IgnorantGuru wrote:

First, Firefox will not run if its ~/.mozilla folder is read-only, at least in my experience.

Well it was working for me before update to 0.9.2 smile.

IgnorantGuru wrote:

I would say at the very least you need to bind that one as bind=, not bindro=.  If you don't want it to alter your .mozilla folder when running from the sandbox, you could mount it as copy=.  Copy now has a hard-coded limit of 50MB though.  You could change that limit in the script if needed, or you could also add a copy= for firefox's cache, providing a total of 100MB.  Then any files in the tmpfs copy of ~/.mozilla will be destroyed on exit.

Thanks for that! copy is what i was lookin for smile.

IgnorantGuru wrote:

As for why the session is being saved, if you "bind=/home/$user" and "bindro=/home/$user/.mozilla"

I didn't do that, listed permisions was all that i had then for home, although after

IgnorantGuru wrote:

BTW, version 0.9.2 is up now

and copy= it's ok.

Last edited by Vi0L0 (2010-02-04 19:56:31)

Offline

#9 2010-02-04 20:43:51

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

I didn't do that, listed permisions was all that i had then for home

Also remember that the default profile also loads in addition to the firefox profile.  At any rate, when I try binding ~/.mozilla read-only, Firefox won't even start, which makes sense.  Copy sounds like what you wanted though.

Here is a firefox.profile that should put your KDE theme in Firefox.  This worked for me on Kubuntu Karmic with KDE4, which is the only system I have with a full KDE4 desktop to try at the moment.  This may also work for Gnome, because from what I could gather on Google, Gnome uses the GTK themes in /usr, so it doesn't require as much as KDE.

# Sandfox Firefox Profile
#
# Note that the default profile is always loaded in addition to other profiles 
#
# For instructions consult http://igurublog.wordpress.com/downloads/script-sandfox/
# OPTION
# or
# OPTION=VALUE   (Do not use quotes)
#
# To include another profile this profile:
# profile=PROFILENAME


# root folders and files required by firefox
bindro=/bin
bindro=/etc
bindro=/lib
bindro=/lib32
bindro=/lib64
bindro=/usr
bindro=/var/lib
bind=/tmp
hide=/var/lib/mlocate

# required by alsa for Flash sound
bindro=/dev/snd

# required by Java
bindro=/opt/java
bindro=/proc
bind=/home/$user/.java


# home folders and files
# You may need to add additional binds to your home folders and files in order
# for every aspect of Firefox to work as you want.  Or you can share your
# entire /home/$user folder (this would reduce security)
bind=/home/$user/.mozilla
bind=/home/$user/.esd_auth

# Needed for KDE and Gnome themes in Firefox
# (may be incomplete for gnome)
# To find out what other binds you may need, run 'env' in a shell as user
# and examine the values of GTK2_RC_FILES and GTK_RC_FILES and XCURSOR_THEME
bindro=/home/$user/.config/gtk-2.0
bindro=/home/$user/.fontconfig
bindro=/home/$user/.fonts
bindro=/home/$user/.gtkrc-2.0
bindro=/home/$user/.gtkrc-2.0-kde4
bindro=/home/$user/.kde/share/config/gtkrc
bindro=/home/$user/.kde/share/config/gtkrc-2.0      
bindro=/home/$user/.kde/share/config/kdeglobals
#bindro=/home/$user/.kde/share/config/kwinrulesrc            # helpful? probably not
#bindro=/home/$user/.kde/share/config/systemsettingsrc        # helpful? probably not
bindro=/home/$user/.kde4/share/config/gtkrc
bindro=/home/$user/.kde4/share/config/gtkrc-2.0      
bindro=/home/$user/.kde4/share/config/kdeglobals
#bindro=/home/$user/.kde4/share/config/kwinrulesrc            # helpful? probably not
#bindro=/home/$user/.kde4/share/config/systemsettingsrc        # helpful? probably not
bindro=/home/$user/.gtkrc-2.0-kde
bindro=/home/$user/.kde3/share/config/gtkrc
bindro=/home/$user/.kde3/share/config/gtkrc-2.0      
bindro=/home/$user/.kde3/share/config/kdeglobals
#bindro=/home/$user/.kde3/share/config/kwinrulesrc            # helpful? probably not
#bindro=/home/$user/.kde3/share/config/systemsettingsrc        # helpful? probably not
bindro=/home/$user/.Xdefaults    # for cursor theme, etc
#bindro=/etc/gtk-2.0/gtkrc    # used but already binded all of /etc


# Required by flash player for persisent LSOs
# Hide will store the cookies in ram and destroy them on exit.  If you need
# LSOs to be permanent, use bind= instead.
# http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
hide=/home/$user/.adobe            # creates a dummy folder
hide=/home/$user/.macromedia    # creates a dummy folder


# other folders and files
# You may want to bind your Downloads or other data folders below so you
# can easily save and upload files from within Firefox.

That will be the default for sandfox 0.9.3 which will be available shortly.  That is pretty much the only change in 0.9.3.  Note that this includes files for KDE4 and KDE3, but only folders or files which exist on your system at the time of sandbox creation are actually binded, so you can leave the excess in there.

If that doesn't work on Arch's KDE4, try this in a shell as your normal user:

env

Then examine the values of GTK2_RC_FILES, GTK_RC_FILES, and XCURSOR_THEME.  I think those are the critical ones for getting themes working in Firefox.  Any files or folders referenced in those variables may need to added.

One other note:  The profile above shares kdeglobals, which is a limited privacy risk, since KDE4 logs recent file and folder names and possibly other data in that file.  It's a limited issue, but if you're concerned you can use kscrubber to clean that file before running Firefox.

Offline

#10 2010-02-04 21:05:15

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Wow! That firefox.profile do the trick with theme! Thank you big_smile
Now i really like sandfox wink

Btw:

IgnorantGuru wrote:

Also remember that the default profile also loads in addition to the firefox profile.

Good to know but I hadn't change any other profile.

Offline

#11 2010-02-04 21:09:47

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

Wow! That firefox.profile do the trick with theme! Thank you big_smile
Now i really like sandfox wink.

Great - thank you for contributing!

0.9.3 is up on the website but the AUR server seems to be down at the moment - I'll update that shortly.  But you don't need it - just changes the default firefox profile to include themes.

Offline

#12 2010-02-06 23:48:06

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Umm... ive got another question smile
You see i've got x86_64 and wanna use older version of firefox (3.5.7) cuz this version works just perfectly with nspluginwrapper-flash (32bit flashplugin/flashplayer)...
And old firefox isn't as secure as newer one so it's fit just perfect to put it to sandbox smile.
Now the problem is that this flashplayer /home/me/.mozilla/plugins/npwrapper.libflashplayer.so tries to call external program called umm... /usr/lib/nspluginwrapper/i386/linux/npviewer.bin and so it cannot run. I have tried to run this npviewer.bin in sandfox, and sandfox gives back a note that it's started in same sandbox as firefox, but it means nothing cuz flash isnt working - looks like npviewer must be called with parameter, and must be called by flashplayer (+ i cannot see any npview in lsof so it means it has been quit)...
Is it possible to solve this?

Last edited by Vi0L0 (2010-02-06 23:50:02)

Offline

#13 2010-02-07 01:06:20

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

Umm... ive got another question smile
You see i've got x86_64 and wanna use older version of firefox (3.5.7) cuz this version works just perfectly with nspluginwrapper-flash (32bit flashplugin/flashplayer)...
And old firefox isn't as secure as newer one so it's fit just perfect to put it to sandbox smile.
Now the problem is that this flashplayer /home/me/.mozilla/plugins/npwrapper.libflashplayer.so tries to call external program called umm... /usr/lib/nspluginwrapper/i386/linux/npviewer.bin and so it cannot run. I have tried to run this npviewer.bin in sandfox, and sandfox gives back a note that it's started in same sandbox as firefox, but it means nothing cuz flash isnt working - looks like npviewer must be called with parameter, and must be called by flashplayer (+ i cannot see any npview in lsof so it means it has been quit)...
Is it possible to solve this?

I suggest having a look at Getting Programs To Run Well In A Sandbox.  If you look at the stdout as flashplayer starts it will probably give you a clue.  (Normally, Sandfox won't show you the stdout, but that section of the help shows how to get it to do so.)  FYI the entire /usr folder is included in the sandbox with the default firefox Sandfox profile, so that probably isn't where the missing file is.

Also, I have x64 Arch and Firefox 3.6 gets along fine with the "flashplugin" package from extra - no wrapper required.  I think flash is 64bit now.

Offline

#14 2010-02-07 01:21:41

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

IgnorantGuru wrote:

I suggest having a look at Getting Programs To Run Well In A Sandbox.  If you look at the stdout as flashplayer starts it will probably give you a clue.  (Normally, Sandfox won't show you the stdout, but that section of the help shows how to get it to do so.)  FYI the entire /usr folder is included in the sandbox with the default firefox Sandfox profile, so that probably isn't where the missing file is.

Ok, i will try it then. Thanks smile

IgnorantGuru wrote:

Also, I have x64 Arch and Firefox 3.6 gets along fine with the "flashplugin" package from extra - no wrapper required.  I think flash is 64bit now.

64bit flashplugin is really buggy and laggy for me sad

Edit: darn! im sooo stupid ;P /opt/lib32 was the answer smile sorry for fatigue

Last edited by Vi0L0 (2010-02-07 01:39:27)

Offline

#15 2010-02-07 01:42:01

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

64bit flashplugin is really buggy and laggy for me sad

I don't doubt it - Flash is NOT my favorite to put it mildly.  I use it rarely so haven't noticed the difference.  I consider Flash effectively a trojan so good idea to sandbox it!  Flashblock and NoScript plugins help control it too, as you're probably already aware.  And mind your Flash cookies (which Sandfox helps control as well).

Please let me know if you resolve the problem and I may include it in the instructions or default profile.  Thanks.

EDIT: "/opt/lib32 was the answer"  - okay thanks, I think I will include that in the default profile.

Last edited by IgnorantGuru (2010-02-07 01:44:10)

Offline

#16 2010-02-07 01:49:57

Vi0L0
Member
From: Poland
Registered: 2009-06-24
Posts: 1,349
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

IgnorantGuru wrote:
Vi0L0 wrote:

64bit flashplugin is really buggy and laggy for me sad

I don't doubt it - Flash is NOT my favorite to put it mildly.  I use it rarely so haven't noticed the difference.  I consider Flash effectively a trojan so good idea to sandbox it!  Flashblock and NoScript plugins help control it too, as you're probably already aware.  And mind your Flash cookies (which Sandfox helps control as well).

Please let me know if you resolve the problem and I may include it in the instructions or default profile.  Thanks.

Awww yeah, i already know and using all that smile
But while lsof'ing i have noticed that ff is using /dev/null and /dev/urandom ... i remember i was reading somewhere something about that and it was related with security... https://bugzilla.mozilla.org/show_bug.c … 01605#c153 Wan-Teh Chang note is just a remain...

Edit: I belive it shall be good to bind those devs to firefox profile

Last edited by Vi0L0 (2010-02-07 01:52:22)

Offline

#17 2010-02-08 18:44:19

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Vi0L0 wrote:

I belive it shall be good to bind those devs to firefox profile

Agreed - thanks.

Offline

#18 2010-02-09 17:36:41

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Instructions have been added for starting Sandfox automatically at boot. This enables you to have a sandbox already open when the user logs in and starts programs, without the need to enter the root password.

Also, the default profiles have changed a bit in version 0.9.5. If you would like to see the new defaults, remove your /etc/sandfox folder and Sandfox will recreate the default profiles. If you are using an older firefox profile, it is suggested that you add "bind=/dev/urandom", as Firefox uses this for security purposes.

Offline

#19 2010-02-20 18:13:05

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Sandfox has been updated to 0.9.6.  Three changes:  Sandfox can now bind /dev/random without hanging, which may be necessary for printing in Firefox (my Firefox 3.6 crashes if I select File|Print without it).  It is suggested that you add "bind=/dev/random" to your Firefox profile, or delete your profile and Sandfox will recreate it with the new default.

Also, the copy and hide tmpfs size has been raised to 100MB.  You can also adjust this yourself by editing the line "tmpfslimit=100M" in the script.

And a user-contributed Skype profile has been added - feedback welcome.

http://igurublog.wordpress.com/download … t-sandfox/

Offline

#20 2010-03-05 18:51:22

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Sandfox - A Poor Man's Firefox Sandboxer

IgnorantGuru wrote:

Also, if anyone can comment on the bare minimum files that chroot and su requires in /etc, /lib, and /bin I'd be interested.  I didn't have time to research it fully yet so included all of /etc in the jail, but I'd like to trim that down.  (Users are free to do so by editing the default profile.)  Thanks.

You probably saw this, but just in case:
http://www.cyberciti.biz/tips/howto-lin … setup.html

L.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#21 2010-04-22 16:06:25

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Sandfox has reached version 1.0.0, meaning it has proved itself stable. Actually after running it for months I've had great results with it. The only change in this version is that /dev/urandom is now treated like /dev/random – both are not remounted to prevent mount hanging on some systems.

http://igurublog.wordpress.com/download … t-sandfox/
http://aur.archlinux.org/packages.php?ID=34261

Offline

#22 2010-05-10 22:10:49

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Sandfox has been updated to version 1.0.1.  The only change is that the default Firefox profile now includes these additional binds:

# required by Cups printing in Firefox
bind=/var/cache/cups        # Firefox starts faster
bind=/var/cache/fontconfig    # Firefox starts faster
bind=/var/run                # Firefox shows Cups printers

Recently I noticed that Firefox no longer showed my cups printer.  Binding /var/run was the solution.  (That should be secure enough, but for tighter security you might limit it further by only binding /var/run/cups and /var/run/cups.pid)

Also, a recent update to either Firefox or perhaps cups added a delay when the sandboxed Firefox started.  Adding the /var/cache binds above cured that.

You can add the above binds manually to your Firefox profile (/etc/sandfox/firefox.profile), or delete it and Sandfox will recreate it with the new default.

http://igurublog.wordpress.com/download … t-sandfox/
http://aur.archlinux.org/packages.php?ID=34261

Offline

#23 2010-10-18 18:27:50

IgnorantGuru
Member
Registered: 2009-11-09
Posts: 640
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Sandfox v1.0.3 is available.  This minor update corrects some problems Sandfox had maintaining sandboxes with similar names.

Offline

#24 2010-10-19 03:24:54

Gen2ly
Member
From: Sevierville, TN
Registered: 2009-03-06
Posts: 1,529
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

This is a great program and good idea this.  Thanks for the contribution.


Setting Up a Scripting Environment | Proud donor to wikipedia - link

Offline

#25 2010-10-24 23:01:25

Gen2ly
Member
From: Sevierville, TN
Registered: 2009-03-06
Posts: 1,529
Website

Re: Sandfox - A Poor Man's Firefox Sandboxer

Not sure what I did but sandfox starting firefox no longer works.  I troubleshooted by reading Getting Programs To Run Well In A Sandbox.  I ran 'sudo sandfox --verbose firefox' then in a seperate shell did 'sudo sandfox firefox' and it gave me this:

Executing /tmp/sandfox-events/firefox/firefox-b6b6fea5.sh...
Deleting /tmp/sandfox-events/firefox/firefox-b6b6fea5.sh...
>>> inotifywait -eq modify  "/tmp/sandfox-events/firefox"
No protocol specified
No protocol specified
Error: cannot open display: :0.0

Any ideas on what might be going on?


Setting Up a Scripting Environment | Proud donor to wikipedia - link

Offline

Board footer

Powered by FluxBB