Containerized office ?

[Alain De Vos]

People focus on running a browser in a jail.
But i'm interested in running libre-office and open-office in a jail.
How ? Because we can expect X forwarding problems.

 

[drhowarddrfine]

We can?

 

[mer]

Doesn't a browser need to X forward when run in a jail?

 

[kpedersen]

I do the following. Seems to work fine.

On host

# ln /tmp/.X11-unix/X0 /jail/myjail/tmp/.X11-unix/X0
# cp /home/myuser/.Xauthority /jail/myjail/home/myuser/.Xauthority

In jail

$ DISPLAY=:0 libreoffice

 

[Zare]

Why not use a standard tool (xhost) to manage access to the socket and treat the jail as remote host?

 

[kpedersen]

Why not use a standard tool (xhost) to manage access to the socket and treat the jail as remote host?

Mainly because I don't really want to get the network stack involved (even localhost / loopback). It is slower than UNIX sockets and a Libreoffice jail should probably remain completely isolated.

 

[Cath O'Deray]

Alain De Vos not browser-specific, is the post below of interest?

Running Jails as Unprivileged User, Take Two

• in particular, the comments from rykolepl.

---

…I am stuck. … Jail so created a regular user account but I can't launch Firefox despite …

john_rambo ▲ see above (I assume that your case is not yet solved) …

 

[zader]

not sure freebsd is the best tool for user based sandboxing .. you may want to look at openbsd, specifically pledge and unveil .. its more geared towards what your looking to do .. hopefully they will become apart of the freebsd base .. sooner then later..