diff options
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -35,3 +35,23 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock | |||
35 | 8. profile for dillo | 35 | 8. profile for dillo |
36 | Also, in dillo open a directory (file:///etc), when the browser window is closed the sandbox still remains active. | 36 | Also, in dillo open a directory (file:///etc), when the browser window is closed the sandbox still remains active. |
37 | This is probably a dillo problem. | 37 | This is probably a dillo problem. |
38 | |||
39 | 9. --force sandbox in a overlayfs sandbox | ||
40 | |||
41 | $ sudo firejail --overlay | ||
42 | # su netblue | ||
43 | $ xterm & | ||
44 | $ firejail --force --private | ||
45 | Parent pid 77, child pid 78 | ||
46 | Warning: failed to unmount /sys | ||
47 | |||
48 | Warning: cannot mount a new user namespace, going forward without it... | ||
49 | Child process initialized | ||
50 | |||
51 | Try to join the forced sandbox in xterm window: | ||
52 | $ firejail --join=77 | ||
53 | Switching to pid 78, the first child process inside the sandbox | ||
54 | Warning: seccomp file not found | ||
55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. | ||
56 | $ ls ~ <----------------- all files are available, the directory is not empty! | ||
57 | |||