
I have an ephemeral container (systemd-nspawn with -x switch) with almost-default configuration of Firefox (only uBlock Origin added) for such websites. After I'm done, I close the browser and everything gets deleted.



I do approximately the same in macOS:

"/Applications/Firefox.app/Contents/MacOS/firefox" --no-remote --profile "$(mktemp -d)"


Mine has the advantage of the browser processes not having access to anything important, in case of an RCE vulnerability. An attacker would just see a vanilla Debian install with no juicy user data, and only the ~/Downloads directory linked from my "real" system.


Isn't it what the "private browsing" option of Firefox does?


Mostly, yes. The bonus is you don't use your normal settings + extensions. Which also means ALL websites work, regardless of privacy-related settings that might break some websites. So it's a handy alternative.


That sounds very cool! Do you have that setup documented somewhere, or perhaps even pushed it to some public repo?


I do not, sorry. I have to set up a blog some day, but I have been putting it off because most of the time I can't think of anything interesting to say. :)

Anyway, I was mostly inspired by an article on how to set up Steam in a container - it has all the details, including how to pipe PulseAudio inside (so in my case, YouTube videos in Firefox can have sound). Except mine is Debian-based (so debootstrap instead of pacstrap to populate the container).

http://ludiclinux.com/Nspawn-Steam-Container/
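
The container setup described in this thread, sketched as an added example (it is not the commenter's configuration, which was not published). The rootfs path, the container user `browser`, and the X11 and PulseAudio socket locations are assumptions.

```shell
# Added example, not the commenter's setup. Assumed: rootfs path, container
# user "browser", X11 and PulseAudio sockets at their usual host locations.
# Prints the systemd-nspawn argv, one element per line, for review before use.
nspawn_args() (
    rootfs=$1 host_home=$2 host_uid=$3 cuser=${4:-browser}
    # Relative paths would resolve against the caller's cwd; reject them.
    case "$rootfs" in /*) ;; *) echo "rootfs must be absolute" >&2; exit 1 ;; esac
    case "$host_home" in /*) ;; *) echo "home must be absolute" >&2; exit 1 ;; esac
    case "$host_uid" in ''|*[!0-9]*) echo "uid must be numeric" >&2; exit 1 ;; esac
    # --ephemeral (-x): run on a temporary snapshot that is discarded on exit.
    # Bind mounts are not part of the snapshot: Downloads persists on the host,
    # and it is the only piece of the home directory that is exposed.
    # The X11 socket is shared read-only; X authorization (xhost/xauth) is left
    # to the host, and any X11 client can observe other clients on that display.
    set -- systemd-nspawn \
        --ephemeral \
        --directory="$rootfs" \
        --user="$cuser" \
        --bind="$host_home/Downloads:/home/$cuser/Downloads" \
        --bind-ro=/tmp/.X11-unix \
        --bind="/run/user/$host_uid/pulse:/run/pulse" \
        --setenv=DISPLAY="${DISPLAY:-:0}" \
        --setenv=PULSE_SERVER=unix:/run/pulse/native \
        firefox
    printf '%s\n' "$@"
)

# Show the command for the current user; the rootfs would be populated once
# beforehand with debootstrap, as the thread mentions.
nspawn_args /var/lib/machines/ffbox "${HOME:-/root}" "$(id -u)"
```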



