[sf-lug] Sandboxing Zoom

Bobbie Sellers bliss-sf4ever at dslextreme.com
Tue May 26 14:11:11 PDT 2020


You might want to take a look at Easy OS
<https://easyos.org/>

It does something similar to Qubes but with fewer
complications for the user.

Bobbie Sellers

On 5/26/20 1:15 PM, Akkana Peck wrote:
> It's great to have the option of all these virtual meetings
> everybody's running now ... but I'm unhappy about needing to
> install proprietary binaries like Zoom and Discord on my system.
> I'd like to find a way of sandboxing them.
> Are any of you sandboxing those untrusted proprietary apps?
> How do you do it?
>
> I found something called firejail that sounded perfect. From the
> description, it seemed to be sort of an easy chroot (that can also
> wall off networking, devices, system calls and other services).
> Sounded perfect! After a bit of fiddling with it, I had
>       firejail --private /path/to/sandbox zoom
> running fine ... but then when I called up Settings to adjust where
> recordings were stored, it still had full access to my homedir.
> It wasn't in a chroot jail at all. (This may be specific to zoom:
> I tried it with a couple other apps and they only saw the sandbox.
> Maybe child processes aren't jailed?)
>
> So I set up an Ubuntu install inside virtualbox, and installed Zoom
> there. That sorta works ... but the CPU load is ridiculous (this on
> my fancy new Carbon X1 gen 7, I don't even want to think what it
> would have been on my older machines), the fan is blasting at full
> speed, everything is super laggy, and I get occasional warnings
> that the high CPU use is causing a poor zoom experience (no kidding).
> Zoom by itself, outside of virtualbox, doesn't use anywhere near
> that kind of CPU load and has much better performance.
>
> Would kvm/qemu be less CPU hungry than virtualbox? Or should I be
> looking at Docker? I've never tried Docker ... would it give me a more
> effective sandbox than firejail? I've been avoiding it because when
> I google, I find tons of "here's a pre-made Docker image for you"
> and hardly any "here's how to set up your own Docker image".
>
> Any other good sandboxing options?
>
>           ...Akkana
>
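One way to test the "maybe child processes aren't jailed?" guess from the quoted message, as an added example that is not part of the original thread: a process that firejail has confined sits in its own mount namespace, so comparing namespace ids shows which processes are running directly on the host. The function names are hypothetical, and the script assumes a Linux /proc, pgrep, and that it is started from a shell outside any sandbox.

```shell
#!/bin/sh
# Added example (not from the thread): compare mount namespaces to see
# whether a process is confined or running directly on the host.
# PROC is overridable so the logic can be exercised on a constructed tree.
PROC="${PROC:-/proc}"

# mnt_ns PID: print the mount-namespace id, e.g. "mnt:[4026531840]".
mnt_ns() {
    readlink "$PROC/$1/ns/mnt" 2>/dev/null
}

# classify_pid REF_PID PID: print
#   host         same mount namespace as REF_PID (not confined)
#   separate-ns  different mount namespace from REF_PID
#   unknown      link unreadable (process gone, or no permission)
classify_pid() {
    ref_ns=$(mnt_ns "$1") || ref_ns=""
    tgt_ns=$(mnt_ns "$2") || tgt_ns=""
    if [ -z "$ref_ns" ] || [ -z "$tgt_ns" ]; then
        echo unknown
    elif [ "$ref_ns" = "$tgt_ns" ]; then
        echo host
    else
        echo separate-ns
    fi
}

# audit_by_name NAME: one line per running process named NAME, compared
# against this shell ($$). Assumption: this shell is not itself sandboxed.
audit_by_name() {
    for pid in $(pgrep -x "$1"); do
        echo "$pid $(classify_pid "$$" "$pid") $(mnt_ns "$pid")"
    done
}

# Usage: sh nscheck.sh zoom
if [ $# -gt 0 ]; then
    audit_by_name "$1"
fi
```

Any line reporting `host` is a process that sees the same filesystem as the launching shell, whatever wrapper was used to start the application.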
