Jail
While discovering FreeBSD Jails, I wrote on how to run a web browser inside a FreeBSD jail . Time has passed and a couple of testing later, I ended up changing a bit the way I use my Web Browser jails.Continue reading...
Using OpenBSD as a daily driver, I got used to having programs being restricted in their permissions. Especially Web Browsers from ports that are patched to implement pledge(2) and unveil(8). Long story short, this guarantees that Firefox, Chromium & friends will get killed if they try to access system resources that they were not allowed to access; be it a device or a file system space.
FreeBSD 14.1, AFAIK, does not implement such feature. And getting a bit paranoid because of “Fish Linux” , I decided my FreeBSD Web browsers should be living in jail.Continue reading...