Sandboxing suite for desktop programs

I've recently written a sandboxing suite and have been using it on my Arch desktop install. It handles a lot of boring setup stuff transparently, and I thought it could be useful to others.

Main features

  • Private home for programs

  • Shell interpreter access is removed in the sandbox

  • The number of accessible binaries is minimized (via bubblewrap and AppArmor)

  • Fairly strict seccomp filters are supplied to bubblewrap

  • Fairly strict AppArmor profiles are generated

The README's "Profiles" section contains an overview of the profiles ready to be used.
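As an added illustration of how the private home, the removed shell interpreters and the seccomp filter from the list above can be composed with plain bubblewrap flags (this is example code, not the suite's own code; the mount layout and the filter location in SECCOMP_BPF are assumptions):

```shell
#!/bin/sh
# Added illustration: private home, masked shells and a seccomp filter
# composed from bubblewrap flags. Not the suite's own code; the mount
# layout and the filter path in SECCOMP_BPF are assumptions.

# Compiled BPF filter to hand to "bwrap --seccomp" (assumed location).
SECCOMP_BPF=${SECCOMP_BPF:-/etc/sandbox/seccomp.bpf}

# Print the bwrap argument list for PROGRAM, one argument per line.
sandbox_args() {
    program=$1
    # Private home: the program sees an empty tmpfs at $HOME, so it can
    # neither read the real dotfiles nor persist anything. Swap --tmpfs for
    # --bind "$HOME/.sandbox/<name>" "$HOME" to give it a persistent private
    # home. GUI programs additionally need --share-net and/or the display
    # socket bound in; that is left out here.
    printf '%s\n' \
        --unshare-all --die-with-parent --new-session \
        --ro-bind /usr /usr \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin \
        --ro-bind /etc /etc \
        --proc /proc --dev /dev \
        --tmpfs /tmp \
        --tmpfs "$HOME" \
        --setenv HOME "$HOME"
    # Remove shell interpreter access: /usr is visible read-only, so mask
    # each shell binary with /dev/null. A program that tries to exec
    # "sh -c ..." inside the sandbox then fails instead of getting a shell.
    for shell in /usr/bin/sh /usr/bin/bash /usr/bin/dash /usr/bin/zsh; do
        [ -e "$shell" ] && printf '%s\n' --ro-bind /dev/null "$shell"
    done
    printf '%s\n' -- "$program"
}

# Launch PROGRAM inside the sandbox; attaches the compiled seccomp filter
# on fd 9 when the filter file is present.
run_sandboxed() {
    program=$1
    # Read the newline-separated argument list back into "$@" without
    # splitting on spaces (HOME may contain them) or globbing.
    IFS='
'
    set -f
    set -- $(sandbox_args "$program")
    unset IFS
    set +f
    if [ -r "$SECCOMP_BPF" ]; then
        exec 9<"$SECCOMP_BPF"
        set -- --seccomp 9 "$@"
    fi
    exec bwrap "$@"
}
```

Call `run_sandboxed /usr/bin/someprogram` to launch a program; `sandbox_args` alone prints the flag list, which is handy for reviewing what a profile would actually mount before running it.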
