Hehe :P . True dat. Maybe one day ;) . Perhaps I’ll just spin up a distrobox in order to get access to Brave through the AUR, but this (excellent) article has worsened my already bad paranoia to clearly unhealthy levels 🤣. So, it seems out of question for now 😅. Though I might be able to spin it up in a Wolfi container. Pessimism doesn’t help though 🤣.
Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.
Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.
The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.
The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.
Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?
qwert230839265026494@sh.itjust.works 1 year ago
Hehe :P . True dat. Maybe one day ;) . Perhaps I’ll just spin up a distrobox in order to get access to Brave through the AUR, but this (excellent) article has worsened my already bad paranoia to clearly unhealthy levels 🤣. So, it seems out of question for now 😅. Though I might be able to spin it up in a Wolfi container. Pessimism doesn’t help though 🤣.
t0m5k1@lemmy.world 1 year ago
Man you’ve gone down a security worm hole that makes me wonder if you should really be running qubes-OS rather than Fedora 🤣.
Seriously if you need more than the chromium sandbox for brave and want simplicity just use firejail.
The article you linked to is a wonderfully detailed write up but it is more geared towards those using containers that will be providing services (web, sql, etc) if you just want a browser in a secure container then any of the implementations will be fine for you. The browser is not a vector used to gain access to your OS directly but what you download potentially is so with that in mind your downloads folder should really be a CLAMFS folder or a target folder for on-access scanning by clamav.
qwert230839265026494@sh.itjust.works 1 year ago
Hahaha 🤣. Honestly I would, if my device could handle.
Madaidan strikes (yet) again. F*ck my paranoia…
Very interesting insights! Thank you so much! Would you happen to know of resources that I might refer to for this?
t0m5k1@lemmy.world 1 year ago
Question: Why do you think need such high security for a browser?
Clam av on access scan: wiki.archlinux.org/title/ClamAV#OnAccessScan
ClamFS: github.com/burghardt/clamfs