Running Web Browsers in FreeBSD Jail

submitted by
Style Pass
2024-11-19 10:30:15

Using OpenBSD as a daily driver, I got used to having programs restricted in their permissions, especially Web browsers from ports that are patched to implement pledge(2) and unveil(8). Long story short, this guarantees that Firefox, Chromium & friends will get killed if they try to access system resources that they were not allowed to access, be it a device or a file system space.

FreeBSD 14.1, AFAIK, does not implement such a feature. And getting a bit paranoid because of “Fish Linux”, I decided my FreeBSD Web browsers should be living in jail.

Once FreeBSD is installed, it is time to read the “Chapter 17. Jails and Containers” section of the Handbook. Another precious reading is “Jailing GUI Applications”, from the FreeBSD wiki. Complete the reading session with the man pages.

There were two choices: Thick or Thin Jails. I went for the first one because it allows some kind of independence regarding the host system.
