this post was submitted on 23 Jun 2024

So I often have to install and test different programs. I do not want programs to access the Internet immediately. After a while I might want to allow it, so it should be easy to allow or disallow internet access at the application level.

Basically I wonder if there is an easy way to do this. It seems that OpenSnitch can do this, but it doesn't seem to work on openSUSE. I might be able to get it to work eventually, but before I spend hours tinkering with it, do you know of a better solution? Might this even be possible with the built-in firewall or AppArmor?

[–] sandalbucket 7 points 4 months ago

Use network namespaces :)

A brand new network namespace doesn’t have any network interfaces. When you start a process in a namespace, all its child processes will start there too. It’s like a little network jail, and the functionality is baked into the kernel / is kernel enforced.

I use this to keep certain processes on a vpn, with no need for interface-binding support from the process, or a vpn-killswitch.

Another fun fact: this is the functionality that enables containerization, like Docker/Podman.
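
Added example, not part of sandalbucket's comment: a small shell wrapper around the network-namespace approach described above, using `unshare` from util-linux. The function names are hypothetical, and it assumes unprivileged user namespaces are enabled on the system.

```shell
#!/bin/sh
# Added example: run a program with or without network access by placing it
# in a fresh, empty network namespace. Function names are hypothetical.
# Assumes util-linux `unshare` and unprivileged user namespaces; with
# --map-root-user the program sees itself as uid 0 inside the namespace.

# True if this user can create a new user + network namespace.
netns_available() {
    unshare --map-root-user --net -- true 2>/dev/null
}

# run_app deny|allow command [args...]
# deny  -> command and all its children start in an empty network namespace
# allow -> command runs normally with the host's network
run_app() {
    mode=$1
    shift
    case $mode in
        allow)
            "$@"
            ;;
        deny)
            # Fail closed: if the namespace cannot be created, do not fall
            # back to running the program with the host's network.
            if ! netns_available; then
                echo "run_app: cannot create network namespace; not starting $1" >&2
                return 125
            fi
            unshare --map-root-user --net -- "$@"
            ;;
        *)
            echo "usage: run_app deny|allow command [args...]" >&2
            return 2
            ;;
    esac
}

# Sanity check: number of IPv4 routes visible inside a fresh namespace.
# /proc/net follows the reading process's namespace, so this prints 0.
netns_ipv4_routes() {
    run_app deny awk 'NR > 1 { n++ } END { print n + 0 }' /proc/net/route
}
```

After sourcing the file, `run_app deny <program>` starts the program offline and `run_app allow <program>` starts it normally, so switching a program over later is a one-word change.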

[–] dogsnest 5 points 4 months ago* (last edited 4 months ago) (1 children)

First Solution Works

Also:

Firejail

eta: Firejail is available in most distros' repos.

The last reply in THIS thread includes a simple bash script to launch restricted apps.

[–] [email protected] 2 points 4 months ago

Firejail is great. I can recommend it.

[–] RelativeArea0 4 points 4 months ago

Here's my lazy and probably stupid way (I'm a nub btw)

  1. Only install Flatpak apps.
  2. Install Flatseal and manage every app using that.

Cons: might be a problem to manage if you got like 1000+ Flatpak apps installed