Looking for firejail / seccomp maintainer for better security!

(repost)

firejail is a sandbox to restrict the application environment.

Please contribute. Task:

  • play around with firejail in Whoinx
  • see how it goes
  • report (and possibly fix) issues upstream in firejail
  • test the Tor Browser firejail profile, consider packaging it
  • maintain firejail profiles in Whonix

This is a volunteer position.

Whonix firejail / seccomp development discussion:
https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment

Patrick started developing Whonix, the Anonymous Operating System in 2012, when quickly others joined efforts. He collected experiences working pseudonymous on Whonix for two years, enjoys collaboratively working on privacy preserving software.

Notable Replies

  1. Hi Patrick,Why not use the Xen Hypervisor for isolation since it can isolate at the GUI-level, which is essential for a desktop system.Unless of course firejail already has that feature Xen also includes other features that this program might not have heres a link with a full description of how xen differs from most other isolation solution http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html

    pls let me know your thoughts I would love to hear them!

    Anyway take care and stay healthy don't over work that genius brain of yours

  2. I can't volunteer because I have no experience packaging, but if someone makes better profiles I'll try them.

    I already run firejail using a modified /etc/firejail/firefox.profile for TBB (what the firejail author said he was doing).

    It works fine with both apparmor and firejail enabled at the same time (only a few extra tweaks to apparmor needed for files under /run/firejail).

  3. Because we already do with Qubes-Whonix and becuase firejail / seccomp is a protection layer at a different level.

    Yes, great! Testing will certainly help once we found a maintainer to work on this!

    Good to know!

    I'll post more questions here: https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment/1030

Continue the discussion forums.whonix.org

Participants