This is also referred to as "Jail" or "Sandboxing", but in this case it is a good thing to be behind bars.
This confined space lets you run your software safely without the whole world getting informed about your doings.
That is the point with a Jail - nothing gets out.
The kernel also contains seccomp-bpf (seccomp stands for secure computing mode). This is "simply" a sandboxing tool.
In the old days you could create it and activate it with a double somersault while you scratched your head with your toes while drinking lots of
Not so anymore!
Firejail is lightweight software that will fix this for you without you having to do anything. It will reduce the number of security breaches.
Simply install it and start your program with
    firejail <PROGRAM>
Typically your Browser.
You will find Firejail in the AUR for Arch and Arch derivatives. Debian users can add the repo in /etc/apt/sources.list by adding this line:
    deb http://ftp.de.debian.org/debian jessie-backports main
(you may have to reboot after adding the line).
The download page also contains an RPM file that works just fine on CentOS.
There is also a GUI called Firetools.
Just right-click on the app you want to start and run it in jail.
You will not notice any difference, but when you do a
    firejail --list
You do not need the GUI; you can also press Alt+F2 and type
    firejail firefox
To check your installation you can run
    firejail --audit
Easy as pie
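
Since a jailed program looks no different from outside, one way to confirm that a seccomp-bpf filter is really attached is to read the `Seccomp:` field the Linux kernel exposes in `/proc/<pid>/status` (0 = disabled, 1 = strict, 2 = filter). This is an added example, not part of the original post or of Firejail; the function names `seccomp_mode` and `sample_status` are made up here and the sample status text is constructed.

```shell
#!/bin/sh
# Added example: report the seccomp state recorded in a /proc/<pid>/status file.
# Assumption: Linux kernel that exposes the "Seccomp:" field in that file.

# seccomp_mode FILE -> prints disabled | strict | filter | unknown | unreadable
seccomp_mode() {
    status_file=$1
    [ -r "$status_file" ] || { echo "unreadable"; return 2; }
    # Match the field name exactly so "Seccomp_filters:" is not picked up.
    mode=$(awk '$1 == "Seccomp:" { print $2; exit }' "$status_file")
    case "$mode" in
        0) echo "disabled" ;;            # no seccomp: process is not filtered
        1) echo "strict" ;;              # only read/write/_exit/sigreturn allowed
        2) echo "filter" ;;              # a seccomp-bpf filter is installed
        "") echo "unknown"; return 2 ;;  # field missing from the file
        *) echo "unrecognized:$mode"; return 2 ;;
    esac
}

# sample_status MODE -> constructed status text for offline testing
sample_status() {
    printf 'Name:\tfirefox\nPid:\t4242\nNoNewPrivs:\t1\n'
    printf 'Seccomp:\t%s\nSeccomp_filters:\t1\n' "$1"
}

# Usage: sh check.sh <PID of the sandboxed program>
if [ -n "${1:-}" ]; then
    seccomp_mode "/proc/$1/status"
fi
```

Pass the PID of the program running inside the sandbox, not the PID of the firejail launcher process itself; `filter` is the result to expect when a seccomp-bpf filter is active.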