Sandbox your browser

Good Day Community,

If you are like me and worried about compiling Brave with npm etc, you could always sandbox your browser.
If you’re wondering what sandboxing is, exactly, here is a link:

This is how I did in on my Manjaro install (Arch-based).

Step 1) Install Firejail

On ubuntu/mint/elementary/debian/deepin it should be:

sudo apt-get install firejail

Step 2) Linking your browser execution file to firejail - this will allow you to open brave without “running” firejail explicitly.

Manually/Explicitly, one could run, which would run brave inside a sandbox

firejail brave

Top automate it, you simply type

ln -s /usr/bin/firejail /usr/local/bin/brave

To test if you have been successful, you simply launch Brave, open a terminal while brave is open and execute the command:

firejail --list

This should yield two entries, one where it show firejail is running and secondly, the firejail brave is running.

I hope this helps.

Source:
https://wiki.archlinux.org/index.php/Firejail

4 Likes

For Windows nerds, use Sandboxie:
https://www.sandboxie.com/

3 Likes

when i run

firejail Brave  :heavy_check_mark:
Reading profile /etc/firejail/default.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc

** Note: you can use --noprofile to disable default.profile **

Parent pid 4219, child pid 4220
Warning: /sbin directory link was not blacklisted
Warning: /usr/sbin directory link was not blacklisted
Child process initialized in 71.19 ms
zsh:1: command not found: Brave

Parent is shutting down, bye…

not work

I have the same problem.
Reading profile /etc/firejail/brave.profile
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 7575, child pid 7576
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Child process initialized in 89.46 ms
panic: permission denied

goroutine 1 [running]:
github.com/snapcore/snapd/snapdtool.ExecInSnapdOrCoreSnap()
/build/snapd-vPA75c/snapd-2.58+22.04/snapdtool/tool_linux.go:205 +0x40e
main.main()
/build/snapd-vPA75c/snapd-2.58+22.04/cmd/snap/main.go:443 +0x45

Parent is shutting down, bye…

I am still having the same problem, i am unable to start the browser due to the following

Reading profile /etc/firejail/brave-browser.profile
Reading profile /etc/firejail/brave.profile
Reading profile /etc/firejail/chromium-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-exec.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-run-common.inc
Reading profile /etc/firejail/whitelist-runuser-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 897832, child pid 897833
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Child process initialized in 206.95 ms
Error: no suitable /usr/bin/brave-browser executable found

Parent is shutting down, bye...

When will a proper executable be generated that can run again?

That is a sandbox in a sandbox. Makes no sense. Same would be launching firejail in firejail.