You are not logged in.
- Topics: Active | Unanswered
#1 2016-01-05 17:39:08
- maggie
- Member
- Registered: 2011-02-12
- Posts: 255
Safer browsing by using a linux container?
Do other people use a linux container or docker with a browser used only for online banking? It seems like this would be best for security if the browser profile was used only for this purpose.
Offline
#2 2016-01-05 17:54:23
- graysky
- Wiki Maintainer
- From: :wq
- Registered: 2008-12-01
- Posts: 10,696
- Website
Re: Safer browsing by using a linux container?
I can understand a separate profile but I don't see what you're going for with the lxc or docker container.
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Online
#3 2016-01-05 18:28:24
- drcouzelis
- Member
- From: Connecticut, USA
- Registered: 2009-11-09
- Posts: 4,092
- Website
Re: Safer browsing by using a linux container?
What would be the benefits of any sort of "advanced setup" like that? No matter what you do, you'll still be using the same username and password connected to the same Internet.
Offline
#4 2016-01-13 07:25:20
- samlung
- Member
- Registered: 2015-12-19
- Posts: 10
Re: Safer browsing by using a linux container?
you want the opposite. you want to put your non-banking activities in a container, so they don't affect your banking. then sure you can put banking in a container if you want but that's less important.
I found lxc/docker to be the least appropriate tool for this in most cases. alts: https://wiki.archlinux.org/index.php/Se … plications
Offline
#5 2016-01-13 08:11:45
- Head_on_a_Stick
- Member
- From: The Wirral
- Registered: 2014-02-20
- Posts: 8,778
- Website
Re: Safer browsing by using a linux container?
For online banking, try Qubes on a live USB stick.
See http://invisiblethingslab.com/resources … ration.pdf
Alternatively, steal all their ideas and implement them in Arch 
Jin, Jîyan, Azadî
Offline
#6 2016-01-13 21:31:37
- Leonid.I
- Member
- From: Aethyr
- Registered: 2009-03-22
- Posts: 999
Re: Safer browsing by using a linux container?
Do other people use a linux container or docker with a browser used only for online banking? It seems like this would be best for security if the browser profile was used only for this purpose.
Yes, that's what I do, only in reverse. On the main system, I only use links(1) for general browsing and FF for banking/other authenticated services. Then, there is an LXC container with chromium where I do browsing to "not-so-trusted" websites, like registration for conferences, booking tickets, shopping etc (no, I don't mind my credit card stolen).
Note, that you still need to figure out how to use the browser inside container. I simply do ssh -Y, but this is obviously non-ideal for video as ssh consumes lots of CPU. I also don't do multimedia, so my container can not access most of the hardware (in particular, audio, joystick, etc.), you may need to fix that.
Also note, that in Arch LXC is not secure (root in container is root on the host). It is sufficient for isolation/thwarting most attacks because the attacker still needs to elevate priveleges from your user inside container, but if you know that a site is going to do arbitrary code execution on your system, that code may break out. In those situations, do a complete virtualization.
EDIT: By "container", I mean a comlete linux-based (Arch, Debia, etc.) install, not merely a browser process.
Last edited by Leonid.I (2016-01-13 21:34:52)
Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd
Offline