| ▲ | nextos 2 days ago | |||||||
That's my opinion as well. I run Emacs 24/7 but I do so inside Firejail, with no network access. It's not architected with security in mind and exploits are too easy. The same can be said about the Linux userland. The Unix model of giving plenty of access to resources and any user file to user processes is outdated. I find it frustrating something like Firejail or bwrap is not standard. I don't want a compromised program to have easy access to e.g. my SSH keys. | ||||||||
| ▲ | internet_points 21 hours ago | parent | next [-] | |||||||
Do you use firejail for other things too? Say I'm developing a js project and have to do npm install and run-dev-server or something, would/could you use firejail with that (to avoid npm putting your ssh keys on pastebin due to bad third party js)? Would you firejail the whole bash session? I feel so worried every time I walk into a new ecosystem, and there are new developer tools required. They invariably want me to install things outside their project folder or edit .bashrc or require sudo. It's affecting my sleep. Just running `make` in the wrong folder can start downloading things. It's gotten so bad lately I'm even considering Qubes. | ||||||||
| ▲ | hollerith 2 days ago | parent | prev [-] | |||||||
>I run Emacs 24/7 but I do so inside Firejail Can you share your Firejail config? | ||||||||
| ||||||||