[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Jailkit-users] How to jail Opera or Firefox...?
|
From: |
Hubert Havel |
|
Subject: |
Re: [Jailkit-users] How to jail Opera or Firefox...? |
|
Date: |
Mon, 07 Aug 2006 18:46:31 +0000 |
Hi Olivier,
Thank you for your directions.
Just to be sure that I am taking the correct approach to jail firefox;
this is a rough outline on how I envision this can be safely
implemented using Jailkit:
After creating a jailed user account (e.g. jane), and have
jailed the following modules (xauth, firefox, ssh...) along
with their associated libraries and font files under /home/chroot:
I would then open an unjailed user shell and type the following
sequence of commands to invoke jailed firefox?
su root
jk_chrootlaunch -j /home/chroot -u jane -g users -x \
/home/chroot/usr/bin/ssh -- -X -v address@hidden
(Question 1: Is it correct to execute SSH from same jailed user (jane)
account to the same account (jane) on the same machine (localhost)?
(Question 2: A SSH window would pop up at this point and I would
type the commands below into this SSH window?)
/home/chroot/usr/bin/firefox
(Question 3: In additional to xauth, firefox and ssh modules, is
there a networking module (e.g. kinternet) that I would need
to jail so that Firefox would be able to access the internet from
the jail?)
Thanks. Hubert.
From: Olivier Sessink <address@hidden>
Reply-To: address@hidden
To: address@hidden
Subject: Re: [Jailkit-users] How to jail Opera or Firefox...?
Date: Mon, 07 Aug 2006 08:04:26 +0200
Hubert Havel wrote:
> Hello Jailkit Users!
>
> Does anyone have any experience jailing Opera or Firefox?
>
> According to the Jailkit docs, you should be able to jail Firefox or
> Opera. If I am trying to
> jail opera, do I have to also jail X server too? I noticed the Xorg
> binary for the X server is
> a SUID program. Doesn't that makes it an unattractive candidate for
> jailing? Any help
> would be **GREATLY APPRECIATED**. I am running SuSE 10.1. Thanks.
I have jailed firefox. I start it with 'ssh -X' (X-forwarding) so I
don't need the X-server, I do need the x utility xauth to forward the
MIT-magic-cookie authentication. You also need all X fonts in the jail.
I used 'strace' to find everything that Firefox needs.
regards,
Olivier
_______________________________________________
Jailkit-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/jailkit-users
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
- [Jailkit-users] How to jail Opera or Firefox...?, Hubert Havel, 2006/08/06
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/07
- Re: [Jailkit-users] How to jail Opera or Firefox...?,
Hubert Havel <=
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/07
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Hubert Havel, 2006/08/17
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/21
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Hubert Havel, 2006/08/28
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/28
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Hubert Havel, 2006/08/29
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/30
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Hubert Havel, 2006/08/31
- Re: [Jailkit-users] How to jail Opera or Firefox...?, Olivier Sessink, 2006/08/31