#1 2016-04-15 20:32:31

Security, workspaces and isolated/restricted processes

Hi all!

I am just trying to find a way to run a web browser in a more isolated environment.
Most of the time this ends in running it inside an LXC container or the like.

Also, this is really a bit complex; there is probably an easier way using 'cgroups',
which is about limiting resources such as networks, filesystems, etc. Example:

Per process routing take 2: using cgroups, iptables and policy routing and here
Using Linux Network Namespaces for per processes routing

If one can put processes into a cgroup, one can give them custom routing or even their own IP address,
which is much easier to filter, either locally (with iptables) or at the firewall.

So a very wonderful hit could be to start all processes inside a given XFCE workspace inside
a separate cgroup. In this case, a colored border around such a workspace could give a good
extra hint to remember.

Sorry, I am not the kind of Linux insider who [currently ;-) ] could do this by myself.
Just a thought about the future of XFCE ... ;-)

Comments are welcome too!

Best regards,
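
The cgroup idea from the post above (tag a process group, then filter and route it separately), sketched as an added example that is not part of the original post. It assumes cgroup v1 with the net_cls controller mounted at /sys/fs/cgroup/net_cls; the cgroup name, class id, mark, table, gateway and interface are constructed values.

```sh
#!/bin/sh
# Added example (not from the post). Assumes cgroup v1 net_cls mounted at CG_ROOT.
# All names and values below are constructed for illustration.
CG_ROOT=/sys/fs/cgroup/net_cls
CG_NAME=browser        # hypothetical cgroup for the browser
MAJOR=17 MINOR=17      # net_cls class 0x0011:0x0011
MARK=11 TABLE=11       # fwmark and routing table used for this cgroup
GW=10.0.0.1 DEV=eth1   # assumed dedicated gateway and interface

# net_cls.classid is 0xAAAABBBB: major handle in the high 16 bits, minor in the low.
classid() { printf '0x%04x%04x\n' "$1" "$2"; }

# Print the setup commands for review (nothing is executed here).
plan() {
  id=$(classid "$MAJOR" "$MINOR")
  cat <<EOF
mkdir -p $CG_ROOT/$CG_NAME
echo $id > $CG_ROOT/$CG_NAME/net_cls.classid
iptables -t mangle -A OUTPUT -m cgroup --cgroup $id -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default via $GW dev $DEV table $TABLE
iptables -t nat -A POSTROUTING -o $DEV -m mark --mark $MARK -j MASQUERADE
iptables -A OUTPUT -m cgroup --cgroup $id ! -o $DEV -j REJECT
EOF
}
# The last rule fails closed: traffic from the cgroup that would leave through
# any interface other than DEV (loopback included) is rejected locally.

# Move this shell into the cgroup, then replace it with the given program,
# so the program and all of its children inherit the class id.
run_in_cgroup() {
  echo $$ > "$CG_ROOT/$CG_NAME/cgroup.procs" && exec "$@"
}

case "${1:-}" in
  plan)  plan ;;
  apply) plan | sh -e ;;            # needs root
  run)   shift; run_in_cgroup "$@" ;;
esac
```

Called with `plan` the script only prints the commands; `apply` executes them and `run <program>` starts a program inside the cgroup.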


