Sandboxing
mal content
artifact.one at googlemail.com
Wed Nov 8 12:39:45 UTC 2006
Hi.

This is mostly hypothetical, just because I want to see how knowledgeable
people would go about achieving it:

I want to sandbox Mozilla Firefox. For the sake of example, I'm running it
under my own user account. The idea is that it should be allowed to
connect to the X server, it should be allowed to write to ~/.mozilla and
/tmp.

I expect some configurations would want access to audio devices in
/dev, but for simplicity, that's ignored here.

All other filesystem access is denied.

Ready...

Go!

MC

More information about the freebsd-security mailing list