Hello, I am new at Arch Linux and I only have some basic experience with linux in general so bear with me.
I want to isolate / sandbox a java applet running in firefox, but I can't figure out which way is the most simple and effective way to do it. I've heard and read a bit about SELinux, chroot and sandfox, thought I haven't used any of these yet. I want to sandbox this specific applet because of security and privacy issues to insure that the applet can't acces or write personal data.
I have also considered using a virtual machine, but I find that too inconvinient for this situation.
What would you recommend?
JVM is a virtual machine. With a policy file you can just about restrict every resource you could want to for anything that run in the jvm.
http://docs.oracle.com/javase/1.4.2/doc … ytool.html
Description and Use of Policy
http://docs.oracle.com/javase/7/docs/te … Files.html
Even Some more.
http://docs.oracle.com/javase/6/docs/te … urity.html