Do you run Firefox inside a jail?

What's the advantage of running firefox in a jail?
Low if vulnerable OS/pkgs are in use. That is why servers don't have browsers. How useful are general users to the interested parties? Probably only my identity and banking activities are at stake.
 
What's the advantage of running firefox in a jail?
There are a few.
  • You can contain the cancerous spread of dependencies and general cruft that Firefox spams all over your system.
  • When firefox gets compromised, nothing can access your useful / private data.
  • When you want to clean up firefox and / or remain on the update treadmill, you can just blow away the entire userland and fetch a whole new version and dependencies, ensuring there will be no conflicting cruft remaining.
In fairness, a plain chroot is also pretty close.

If a (typically GUI) application has more than half a dozen or so dependencies, I tend to stick it in a chroot/jail just for good housekeeping. It's a bit like flatpak but not crap.
 
I would like to disagree.
* You can contain the cancerous spread of dependencies and general cruft that Firefox spams all over your system.
-> The dependencies of firefox move from the host to the jail. The dependencies remain.

* When you want to clean up firefox and / or remain on the update treadmill, you can just blow away the entire userland and fetch a whole new version and dependencies, ensuring there will be no conflicting cruft remaining.
-> If I want to clean my host of firefox, I only need to do:
Code:
rm -fR /home/myuser/.cache /home/myuser/.mozilla
 
What's the advantage of running firefox in a jail?
You can also limit how much RAM firefox can hog, supposedly. rctl(8) works on jails and specific-number processes. I'm in the middle of reading a klarasystems article about that. Basic idea, if you apply rctl(8) to the jail that has firefox in it, this just might work. But like I said, I'm in the middle of exploring that.
 
I would like to disagree.
* You can contain the cancerous spread of dependencies and general cruft that Firefox spams all over your system.
-> The dependencies of firefox move from the host to the jail. The dependencies remain.
Yes, but they haven't metastasized into your main host system.
Code:
rm -fR /home/myuser/.cache /home/myuser/.mozilla
You need to do more than that to kill all the malignant cells.
 