this post was submitted on 20 Jun 2023
9 points (100.0% liked)
Arch Linux
7791 readers
5 users here now
The beloved lightweight distro
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Here's how I run Firefox, for instance:
Using this for about 5 years. Ran
strace
on a session to see what to allow access to. It's got full access to/lib
and too much access to/sys
b/c I'm lazy, but it can not see any executables or most of~
.I'm using something similar whenever I want to precisely isolate a program.
Thank you for this. But if I may ask can you tell me what some of these options do? I can understand what some of these do just by looking, like giving directory access.
Will this work on my system where I use a combo of Wayland + Pipewire?
Check
bwrap(1)
for details, it's all there.Yes, and yes.