[sf-lug] Sandboxing Zoom
Ken Shaffer
kenshaffer80 at gmail.com
Tue May 26 16:34:00 PDT 2020
I put Zoom on two Kindle tablets to try out.
The little 6" Kindle Fire didn't have very good sound, but the 8" hdx
worked fine.
Nothing much of value on either one, except the network password. ;^D
Ken
On Tue, May 26, 2020 at 2:12 PM Bobbie Sellers <bliss-sf4ever at dslextreme.com>
wrote:
> You might want to take a look at Easy OS
> <https://easyos.org/>
>
> It does something similar to Qubes but with less
> complications for the user.
>
> Bobbie Sellers
>
> On 5/26/20 1:15 PM, Akkana Peck wrote:
> > It's great to have the option of all these virtual meetings
> > everybody's running now ... but I'm unhappy about needing to
> > install proprietary binaries like Zoom and Discord on my system.
> > I'd like to find a way of sandboxing them.
> > Are any of you sandboxing those untrusted proprietary apps?
> > How do you do it?
> >
> > I found something called firejail that sounded perfect. From the
> > description, it seemed to be sort of an easy chroot (that can also
> > wall off networking, devices, system calls and other services).
> > Sounded perfect! After a bit of fiddling with it, I had
> > firejail --private /path/to/sandbox zoom
> > running fine ... but then when I called up Settings to adjust where
> > recordings were stored, it still had full access to my homedir.
> > It wasn't in a chroot jail at all. (This may be specific to zoom:
> > I tried it with a couple other apps and they only saw the sandbox.
> > Maybe child processes aren't jailed?)
> >
> > So I set up an Ubuntu install inside virtualbox, and installed Zoom
> > there. That sorta works ... but the CPU load is ridiculous (this on
> > my fancy new Carbon X1 gen 7, I don't even want to think what it
> > would have been on my older machines), the fan is blasting at full
> > speed, everything is super laggy, and I get occasional warnings
> > that the high CPU use is causing a poor zoom experience (no kidding).
> > Zoom by itself, outside of virtualbox, doesn't use anywhere near
> > that kind of CPU load and has much better performance.
> >
> > Would kvm/qemu be less CPU hungry than virtualbox? Or should I be
> > looking at Docker? I've never tried Docker ... would it give me a more
> > effective sandbox than firejail? I've been avoiding it because when
> > I google, I find tons of "here's a pre-made Docker image for you"
> > and hardly any "here's how to set up your own Docker image".
> >
> > Any other good sandboxing options?
> >
> > ...Akkana
> >
> > _______________________________________________
> > sf-lug mailing list
> > sf-lug at linuxmafia.com
> > http://linuxmafia.com/mailman/listinfo/sf-lug
> > SF-LUG is at http://www.sf-lug.org/
> >
>
>
>
>
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> SF-LUG is at http://www.sf-lug.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/sf-lug/attachments/20200526/4953d8ab/attachment.html>
More information about the sf-lug
mailing list