Skip to content

Latest commit

 

History

History
68 lines (47 loc) · 2.01 KB

README.md

File metadata and controls

68 lines (47 loc) · 2.01 KB

Run Firefox in unprivileged podman container

  • With audio (assuming host uses pulse)
  • With video
  • root account not involved

Why

  • Improve host system isolation from potentially harmful code running in the browser
  • Make tracking of your internet presence a little bit harder

Run

IMPORANT - close firefox if it's already running.

If you have podman:

make build
make run

If you prefer docker:

make build DOCKER=docker
make run DOCKER=docker

Hardening

Firefox will, by default, run with hardened user.js preferences. If you prefer raw firefox settings then run like this:

make run_no_hardening

Troubleshooting

  • If you are using podman and fall into weird issues while running this container please check if your /etc/containers/seccomp.json diverted from https://raw.githubusercontent.com/containers/common/main/pkg/seccomp/seccomp.json To check if seccomp.json might be an issue add --security-opt seccomp=unconfined to podman run options. It is also possible to use downloaded seccomp.json by adding following to podman run options: --security-opt seccomp=/path/to/the/seccomp.json

Thanks

People maintaining ArchLinux:

Authors of arkenfox user.js

Authors of this page:

Great teams building products I love:

Good souls who like to help others:

Many other giants