Comment on Chromium vs Brave
qwert230839265026494@sh.itjust.works 9 months agoYou’ve made my day. Thank you so much!
All you really need to do is run a single application within a container, not a whole distro!/os Why do I say this? Well resource consumption for one and why replicate an entire distro/os when an app can be run inside a container: bacchi.org/posts/brave-in-docker/
Mind-blown. I was already thinking for such a long time that the distrobox approach just didn’t seem right at all for the purpose of security. But somehow my limited search never bear any results on how I should go about it. Perhaps I didn’t do a good job on googling or somehow missed a (couple of) keywords to be effective at searching for this. And I seem to have finally found ‘the holy-grail’; for which all credits obviously go to you!
Additionally I spoke about attack vectors, running another distro/OS inside a docker may well have samba, ssh running by default, If the container for that is not firewalled that is is an attack vector that will allow RCE and exploits be run inside that container!
Exactly!
The first minute of that video talks of nginx webserver image, That is a webserver running inside a container, with distrobox you have the rest of the OS inside the container as well as nginx. Do you get what I say now?
Yup (or at least I hope so :P ). And I would have loved to share the feeling of my head/brains right now. Just bliss for finally finding the missing piece that has been (somehow) absent all this time.
I suggest you use the above link I gave to look into running just a browser within a container, drop distrobox (unless you need to test drive distros) and learn about running a single application within a container, when you can do that find a container framework that provides the security you want/like then run your “untrusted” applications in containers and rejoice with a slightly faster machine.
I will definitely! Are there any keywords beyond the ones mentioned in your excellent comments that I would need for an endeavor as such?
EDIT: Additionally wolfi is based on Alpine, This is a popular server distro, If you want to install wolfi you’ll need to know how to install alpine, which is similar to installing gentoo as it uses bootstrap images, don’t be surprised if the desktop experience is a bit …erm lacking as that is not the focus of alpine or wolfi ! Good luck
Wolfi was only mentioned as a ‘safer’ distrobox-container. It’s the only one accessible through Distrobox that I’m okay with using 😅.
Words can’t describe the epiphany I’m currently experiencing! Thanks again so much! I wish you and your loved ones the best! Heck, I would be fine with buying you a beer (or a cup of coffee :P ) or whatever. Please feel free to make use of ‘these services’ :P .
t0m5k1@lemmy.world 9 months ago
TBH I don’t use google search as all the results are there by SEO and algorithms, If I need a file type on a site …then it’s a different matter lol. I use DDG mainly and all I searched for was “brave browser in a container”
For more take a peak here: hub.docker.com
I’d suggest following a good guide for your OS to get a container framework running say docker (seeing as I linked to the hub there): docs.docker.com/engine/install/fedora/
Once the “Engine” is installed move on to the next sections to learn how to use it, bear in mind you really don’t need to make your own repo or pay a subscription as what you want is already out there provided by others.
Once you get things working and you have an application working in docker go check out the sites for the apps you use, check their github repos and you might find links to “Docker image” and then that means you can plonk it in a container, job done. For the applications you can’t easily find an image for consider going deeper and making your own, just follow the other examples you’ve used and to share them open a repo on github or gitlab.