[sf-lug] Sandboxing Zoom (etc.)
Akkana Peck
akkana at shallowsky.com
Thu Jun 11 09:54:42 PDT 2020
Michael Paoli writes:
> One can run Zoom strictly in browser, no plugins on the like needed.
> Some(/many?) computer-based conferencing systems do, or allow, likewise.
That sounds better: I like the way jitsi is contained inside
chromium. But how? Every time I try loading a zoom meeting link
in a browser, it either tries to run Zoom (if it's installed)
or xdg-open (otherwise). There's never a "run in browser" button
shown anywhere I can see it. Do I have to have some plug-in
installed first? I tried it just yesterday with an uncustomized
chromium in incognito mode, so I'm pretty sure this isn't some
personal setting like noscript getting in the way. But I've tried
in Firefox in the past and that didn't work either.
> Not familiar with firejail. There is, "of course", chroot,
I haven't had much luck setting up chroot environments by hand.
I always fall down a "just one more library" rabbit hole and after
a couple of hours of "I just need one more library" and I still
can't run anything, I give up. Are there programs that can help
set them up?
> And one thing many folks far too often get wrong.
> chroot and the like were *never* intended to secure processes
> running as root (superuser, UID 0). There are far too many ways
> UID 0 can relatively easily punch out of chroot restrictions
Interesting. I don't think it applies to the Zoom case but it's
good to know.
...Akkana
More information about the sf-lug
mailing list