Can LXC be used to jail instances of an installed browser?

Firejail is a Linux namespaces sandbox program that can jail Firefox or any other GUI software. It should work on any Linux computer.


Not directly. With technologies such as LXC or OpenVZ the applications inside them are essentially there own Linux boxes. So you'll need to do it "remotely" using tools such as X2go or VNC to see their remote desktops, or remotely display applications running inside them using X.

There is this tutorial which discusses how to do this using Debian/Ubuntu, but much of the steps should be translatable to other distros as well. The article is titled: Debian Virtualization: LXC Desktop Virtualization.


What desktop manager you are running does not matter; all that matters is that you provide the container with access to the Xwindows socket, the XAUTHORITY environment variable, and the file it points to.

Tags:

Browser

Lxc

Jails