Hello.

In an effort to isolate Firefox (or any graphical browser) from my user account, I have added a 'firefox' user and group, added the 'firefox' user to sshd_config to allow X11 forwarding, and ran the following commands:
$ Xephyr :1
$ ssh -Yf firefox@localhost firefox --display :1

This can be made nicer with a window manager, but I don't think that is important here.

From what I understand, this will prevent Firefox from having access to my display, such as keystrokes and mouse movement. It will also prevent Firefox from having access to my go-rwx files, and modification permissions to my files. This sounds like all of the isolation I want from Firefox, while still being able to use it.

I would like to know if I am missing or forgetting anything. I don't think a chroot for Firefox will gain me much. Other options include using pf and systrace, but again I don't think this would gain me much.

Thanks
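
Added example, not part of the original post: a check of the "go-rwx" assumption above, listing what a separate local account such as the 'firefox' user could still reach through group or other permission bits. The function names are hypothetical, and group bits are counted as exposure on the assumption that the other account may share a group with the files.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# exposed_paths DIR
# Print every path under DIR that has at least one group/other permission
# bit set AND is reachable through traversable parent directories.
#  - A directory without group or other search (x) permission is pruned:
#    nothing beneath it can be opened by another user, whatever the modes
#    of the files inside.
#  - Symbolic links are skipped, since their own mode bits are not what
#    access checks use; the target is judged where it actually lives.
exposed_paths() {
    find "$1" \
        \( -type d ! -perm -010 ! -perm -001 -prune \) -o \
        \( ! -type l \
           \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print \)
}

# is_isolated DIR
# Succeed only when exposed_paths finds nothing under DIR.
is_isolated() {
    [ -z "$(exposed_paths "$1")" ]
}

# Typical use from the account being protected:
#   exposed_paths "$HOME"
#   is_isolated "$HOME" && echo "nothing reachable via group/other bits"
```

A home directory that is itself mode 700 reports nothing, because the first test prunes it before any file inside is examined.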
