-
Let's make use of systemd sandboxing mechanisms to harden all services by default, whitelisting any services where necessary.
* Big time advantage: not bothering to sandbox single services one by o…
-
### Description
7f3b6c19a0a87bfd240af7c0c9d61ae907668ce6 (#5274) has resulted in firefox being broken on Kubuntu 21.10 (impish).
`apparmor-profiles` and `apparmor-profiles-extra` are installed.
…
-
## Description
On a firejail sandboxed instance of firefox based browsers on swayWM, if the cursor is changed inside the browser, it has trouble changing back. This is most notable when the cursor is…
-
Our system pods should run using security best practices, both to enhance cluster security and serve as examples of best practices to users. We should audit all our system pod Dockerfiles, and make su…
-
I'd like the sandbox (or a similar command that's more powerful, perhaps called sandcastle :stuck_out_tongue_winking_eye: ) to support limiting network connections per host and file operations per pat…
-
# Primer
Dangerzone currently uses two containers (Docker containers on MacOS/Windows, Podman containers on Linux) for the conversion process:
- The first container accepts a suspicious document…
-
After upgrading to buster/lxc 3, some services fails when using buster-based containers - most noticeable:
apache2,
mariadb-server (mysql)
dovecot
-
* [x] This is a bug report
* [ ] This is a feature request
* [ ] I searched existing issues before opening this one
### Expected behavior
```bash
docker run hello-world
# works
```
###…
vsoch updated
5 years ago
-
## Project description
Sometimes it is useful to employ 3rd-party software (which might be closed source) that you can not fully trust. Currently, there is no user-friendly way – at least that I am…
-
If the snap is installed in the `devmode`, everything works correctly, however, if it's installed in `strict`/`dangerouse`, the systray icon is not working correctly.
### Installed in `devmode`
…