You do use Firejail, don't you?
>>62317309
How is that compared to iptables?
Yes, definitely when using Linux.
t. OpenBSD user
>>62317342
Not comparable at all since it performs a different function. It would be closer to AppArmor in functionality but writing rules for Firejail is much simpler while still enhancing security and allowing you to "hide" personal files from applications.
>>62317309
No, I run firefox as root
It's developed by 2 people and both use anonymous accounts. I've never heard anyone competent recommending it. No distro ships it by default. Lack if trust is my reason not to.
>>62317309
Yes. All my browser allowed to run with it.
>>62317962
It's open source so why shouldn't you trust it just because the developer is anonymous?
https://github.com/netblue30/firejail
>>62318318
It's written in C so most likely full of vulnerabilities, how can I trust it if it hasn't been audited?
>>62317342
kys
>>62317309
No. I use Tomoyo. I hope that's ok.
>>62319421
>>62319193
This is why we can't have nice things.
>>62319193
It has some audit year ago but haven't managed to find public results
>>62317309
is this a chroot for dumb people that come from ubuntu?
>>62317367
does openbsd have something equivalent
>>62320585
No, it's different from chroot (change root). A chroot jail just changes root directory. For example if you set /home/faggot/chroot as your chroot jail then anything outside of that location will simply not "exist" since the system will think that it's the root directory and normally it won't go past that (now if you have root privileges this can be bypassed and therefore you shouldn't bother with chroot if you're running untrusted programs with root privileges).
With Firejail your root directory is still the same as usual but it tries to reduce attack surface by restricting access to certain resources as well as removing unnecessary privileges.
https://wiki.archlinux.org/index.php/Firejail
>>62317309
Only when using Evince.
And, even then, I still don't feel safe.