On Tue, Jul 19, 2016 at 8:37 PM, pelzflorian (Florian Pelz) <pelzflorian@xxxxxxxxxxxxxx> wrote: > On 07/19/2016 07:03 PM, Carsten Mattner via arch-general wrote: >> This is a nice and useful project, but I think we could be served >> better in the short term by having supported firejail profiles >> for things like Firefox and LibreOffice that are easy to use. >> > > Firejail is a different design with less filesystem isolation. We should > have both, even in the long term. The more direct competitor to Firejail > is Bubblewrap, not Flatpak/pacpak. > > That said, the documentation on Firejail on the wiki seems to contain > the most important things. I’m not knowledgable enough about Firejail > though. Network namespaces are missing in the wiki instructions. I don’t > know if Firejail can restrict D-Bus access. In the past I could launch > an unrestricted Nautilus from a Firejail’d Icecat, but apparently that > no longer works. I don’t know enough about the advantages/disadvantages > over Bubblewrap; apparently there is some disagreement about the scope, > e.g. whether how Pulseaudio should be dealt with. FWIW I couldn't get Firejail's Firefox profile to work. What's the link for bubblewrap? It's such a generic term that it's hard to look up.
