jails and browsers

johnjohn

johnjohn

Hello everyone,

I do not want to post in the wrong forum so i picked off-topic. I am sorry if this is also wrong.

I found a webpage that has instructions for running a browser in a jail:
www.tumfatig.net

Web Browser in FreeBSD Jail: Librewolf

While discovering FreeBSD Jails, I wrote on how to run a web browser inside a FreeBSD jail . Time has passed and a couple of testing later, I ended up changing a bit the way I use my Web Browser jails.
www.tumfatig.net

the guide states that it works in FreeBSD 14. I tried it today but i get errors in a couple of places and Firefox will not launch (display environment variable not specified error.) For one thing, the first zfs command fails in my FreeBSD with an error (-o compres=lz4). I just typed what the person has in the guide but i think that we are supposed to have shared folders on the host and in the jail (with the same name). The handbook shows zfs create commands to make directories but he is using mount += commands. I'd like to know how to correct this guide and make it work. I can understand basic French and i have a Downloads folder (Telechargements) but i skipped the Public directory. How can i get xorg to launch with Firefox instead of receiving the display variable error?

Thank you for taking time to read. I hope that you have a pleasant day,
John
 
Nah, you're good with offtopic IMO.. In fact, just my 2 cents (!) but kudo's on being mindfull in my book!

Now, I'm not gonna read all that but... running a browser inside a jail shouldn't be much of an issue. But running an X server otoh... that's a whole different beast and probably the thing which is going wrong here. I mean... easily proven: install www/lynx in a jail, give it a try, done.

Anywhoo... I am not fluent with X but .. in this situation I'd go for forwarding. So: have the process running on the host while sending all the graph data to the client. This is a good read I think:

F

Thread 'Jailed desktop (full desktop environment inside a FreeBSD jail)'

I was hoping to install XFCE inside of a jailed environment. The idea behind this undertaking is to keep the base FreeBSD (jail host) with a very limited set of software and run a desktop client inside a jail. Thank you for replying.

I forgot to mention that I read some ways to do it from few years ago, but I was hoping to get acquainted with other methods.
 
Hello ShelLuser and rbranco,

Thank you for the replies, i appreciate you taking time to help a newbie :)

the link is a good read, thank you. I look at it this way: at least i have gained more experience working with jails and that is a positive experience. I got my first taste of jails and i did it correctly. That stubborn xorg doesn't want to play nice but that is okay. I understand the concept in this situation and it is indeed tricky on the programming side. I'll keep reading about this subject but for now, i am happy to have learned something new.

rbranco podman as root is not a good idea but i appreciate the wisdom. I did not know about podman or docker, so i learned something new from your post. The wheel of wisdom keeps on rollin' and that is a good thing for all of newbies.

Much appreciated! I am hoping that FreeBSD includes unveil(2) in future versions and that will be just as good as jail in many aspects of privacy.

I hope that you find time to relax and enjoy the day :)
 
Hi NapoleanWilson,

Wow! more than i expected. I will run this code as soon as possible and let you know how it goes. I'm sorry for the late reply. I have been quite busy today. I promise to build this jail and test the code. But i still want to learn how to do it on my own, so your code is very helpful to get an understanding of this process. Much appreciated :)

Jails are somewhat easy and difficult at the same time,
John
 
hi mate, no problem

take it step by step
slow and steady wins the race

read the man pages for the commands as you go along
and refer to the handbook

always a good idea to know what commands do before you press return

any problems give me a shout
 
You must log in or register to reply here.
Back
Top