653
And then you get hooked on it and start using it for real
(sh.itjust.works)
I use Arch btw
Sister communities:
Community rules
Please report posts and comments that break these rules!
Yeah, that should work too... but you don't get to see any of your local files...
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
It doesn't have user isolation yet, so if it escapes the browser and the chroot (which doesn't have a
/proc
unless you setproc = /proc;
, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).