Hacker News new | past | comments | ask | show | jobs | submit login

It looks neat, but I'm not familiar with most of the tools and concepts mentioned on its page, so if I were to use it, I'd mostly do so as a "fire and forget" and then hope it does its thing properly. Looking at the readme, that means I'd run `firecfg --fix-sound`, then `sudo firecfg`, and then after a logout and login never look back at it.

Would you (or anyone else) happen to know if there's any risks for an unknowledgable user like me to do that, e.g. of breaking my system without knowing how to repair it?




I am far from expert in this but I am not sure I would be comfortable automatically configuring all my apps to run through Firejail using firecfg (if only because in case of breakage it would be harder to understand where it is coming from).

In my workflow, I keep things mostly manual and configure each app I want to sandbox explicitly by creating a shortcut (usually I create a "launcher" in /usr/local/bin so that it takes priority over whatever is in /usr/bin). Here is the one I have for Firefox as an example in "/usr/local/bin/firefox":

firejail --profile=/etc/firejail/firefox.profile --private=~/.sandboxes/firefox/ /usr/bin/firefox --no-remote $@

In terms of risks, are you mostly concerned about security risks? Or breakage?


Thanks. I'm concerned about both, but I suppose I consider breakage to be the biggest risk for something of which I hardly know what it does.

Your approach sounds viable though, so I might look into setting something similar up for myself as well. Thanks for sharing.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: