On Tue, 19 Dec 2023 at 11:04, Jerome BENOIT <sphericaltrian...@rezozer.net> wrote:
> can we efficiently jail zoom ? Hi, my approach is to do that on my laptop by using grub to boot into various different Debian installations. Multiboot is un-fashionable, but I find it useful and versatile. Hard drives are plenty big enough to allow multiple operating systems installations. The 931GB spinning hard drive has 4 primary partitions, sizes are approximate: Z = 12GB boot X = 12GB standalone minimal Debian installation with /boot symlinked to /mnt/Z/X Y = 12GB standalone minimal Debian installation with /boot symlinked to /mnt/Z/Y LUKS2 = 895GB So basically there is unencrypted boot, and the majority of the drive is allocated to the LUKS2 encrypted partition. Plus there are a couple of minimal Debian installations, one of which has Zoom installed. The LUKS2 partition contains LVM volumes S = 12GB swap A, B, C, D, E = 5x 12GB Debian installations with /boot symlinked to /mnt/Z/{ABCDE} T = 149G data U = 497G data I have installed Zoom on partition Y, which does not contain cryptsetup tools, so the LUKS2 partition cannot be opened, which hides all my sensitive data from Zoom. When I want to do real work, I boot one of my encrypted A,B,C,D,E installations which can all access the common encrypted data in the T and U volumes.