diff options
Diffstat (limited to 'todo')
| -rw-r--r-- | todo | 20 |
1 files changed, 20 insertions, 0 deletions
| @@ -35,3 +35,23 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock | |||
| 35 | 8. profile for dillo | 35 | 8. profile for dillo |
| 36 | Also, in dillo open a directory (file:///etc), when the browser window is closed the sandbox still remains active. | 36 | Also, in dillo open a directory (file:///etc), when the browser window is closed the sandbox still remains active. |
| 37 | This is probably a dillo problem. | 37 | This is probably a dillo problem. |
| 38 | |||
| 39 | 9. --force sandbox in a overlayfs sandbox | ||
| 40 | |||
| 41 | $ sudo firejail --overlay | ||
| 42 | # su netblue | ||
| 43 | $ xterm & | ||
| 44 | $ firejail --force --private | ||
| 45 | Parent pid 77, child pid 78 | ||
| 46 | Warning: failed to unmount /sys | ||
| 47 | |||
| 48 | Warning: cannot mount a new user namespace, going forward without it... | ||
| 49 | Child process initialized | ||
| 50 | |||
| 51 | Try to join the forced sandbox in xterm window: | ||
| 52 | $ firejail --join=77 | ||
| 53 | Switching to pid 78, the first child process inside the sandbox | ||
| 54 | Warning: seccomp file not found | ||
| 55 | Warning: seccomp disabled, it requires a Linux kernel version 3.5 or newer. | ||
| 56 | $ ls ~ <----------------- all files are available, the directory is not empty! | ||
| 57 | |||