SELinux sandboxing of X-based web browsers like standard Firefox using 'sandbox -X -t
sandbox_web_t ..' is common and appears to works well now. I wonder whether GNOME Web
(epiphany) admits a similar approach without the awkward construction of enforcing the X
backend via GDK_BACKEND=x11 and running it like before in an X sandbox. I tend to assume
that appropriate SELinux rules have not been implemented yet. Is this correct?
Note: I am only asking about SELinux sandboxing, not about using containers or virtual
machines which are alternative approaches.
Show replies by date