I am a bit confused about this topic and would like some explanations, and also to discuss some ideas.
Currently I use Flathub Firefox Flatpak due to:
- official Kinoite image with no nonfree packages from rpmfusion, less attack surface
- so: media codecs
- official support by Mozilla
- Containerization with portal integration, i.e. isolation from my system
Solving the Codec problem
Using ublue’s version of Kinoite can help, for not being alone with possible issues. When I last checked though, rebase was not possible due to signing problems, which is probably something good.
Doing this manual override-replacement works too. There are two ways, the complete or the “just video codecs” variant, described in this post (link following).
Sandboxes
I heard that the native app sandbox of Firefox and Chromium would be better than bubblewrap, which is used by Flatpak.
I don’t know how this would be, as the native version has rw access to my complete home folder. It may be less protected against system files, but I am curious if that is true.
SELinux
I only have a very rough understanding of SELinux. But I suppose, when configured very well, it gives great security.
Does every app need its own SELinux profile, or are there generic ones? I can’t imagine that every small Flatpak or even third party app has a SELinux profile.
Is Fedora Firefox better protected through SELinux than Flathub, for example? Or Mozilla’s binary in general, which the Flathub version executes inside the container?
Hardware access
A big reason not to use the Flatpak is hardware access, for Yubikey/Nitrokey etc. authenticators. But I think this should also be hardened, so that Firefox doesn’t actually have all that access over all my drives?
Could someone elaborate what exactly Firefox can and can’t do, and if there are easy, non-breaking changes one could apply to give it less, but the needed permissions?
Filesystem Sandboxing
I tried using firejail but it was a buggy mess. Broke screenshots in several applications at once, not a great experience at all.
Also, can SELinux replace its functionality? I would prefer to use SELinux instead of using another community-based software running in parallel.
Wayland, Pipewire, hardware access
Do you have any info about differences here? I had pretty weird, and okay, behavior with some apps.
Another idea / question: immutable Browser
Even if the browser itself is sandboxed, there may be a security hole that allows malware to change the browser itself. As it’s pretty much the core part of every OS nowadays, that would be extremely critical.
Idea:
- immutable browser
- two versions:
  - a verified image / directory containing the browser files
  - the browser in use
- users can apply overrides, for example settings, user.js, add-ons etc.
- the rest gets overwritten by the up-to-date but unused browser image
This would only make sense if this “overwrite browser” would be secured somewhere no apps can write, apart from the core OS elements like rpm-ostree.
Question: is this viable, useful, overreacting? Would this be something worth doing, at least in some scenarios?
Thanks in advance!
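For the “Hardware access” question above (what the Flatpak can reach, and how to give it less without breaking it), here is an added example that is not part of the original post: a small POSIX sh audit of the `[Context]` section that `flatpak info --show-permissions <app-id>` prints, which flags the broad grants (`filesystems=home`/`host`, `devices=all`) and assembles the matching `flatpak override --user` command. The permissions text is a constructed sample in that format, not the real Flathub Firefox manifest.

```shell
#!/bin/sh
# Audit a Flatpak app's static permissions and suggest tightening overrides.
# Real usage:  suggest_override org.mozilla.firefox \
#                "$(flatpak info --show-permissions org.mozilla.firefox)"

# Constructed sample in the format of `flatpak info --show-permissions`
# (illustrative values only, not the actual Firefox manifest).
SAMPLE_PERMISSIONS='[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;pcsc;
devices=all;
filesystems=home;xdg-download;

[Session Bus Policy]
org.freedesktop.ScreenSaver=talk
'

# Print the value of one key from the [Context] section, trailing ';' removed.
context_value() {  # $1 = permissions text, $2 = key
    printf '%s\n' "$1" | sed -n '/^\[Context\]/,/^\[/p' \
        | sed -n "s/^$2=//p" | sed 's/;$//'
}

# Emit one override flag per broad grant a locked-down browser does not need.
# Note: --nodevice=all also drops the /dev/hidraw nodes FIDO2/U2F keys use,
# so keep devices=all if the token must work inside the sandbox.
audit_flatpak_permissions() {  # $1 = permissions text
    fs=$(context_value "$1" filesystems)
    dev=$(context_value "$1" devices)
    for entry in $(printf '%s' "$fs" | tr ';' ' '); do
        # Strip mode suffixes such as home:ro or host:create before matching.
        case "${entry%%:*}" in
            home|host) printf '%s\n' "--nofilesystem=${entry%%:*}" ;;
        esac
    done
    case ";$dev;" in
        *";all;"*) printf '%s\n' "--nodevice=all" ;;
    esac
}

# Assemble the full per-user override command (empty output = nothing to do).
suggest_override() {  # $1 = app id, $2 = permissions text
    flags=$(audit_flatpak_permissions "$2" | tr '\n' ' ')
    if [ -n "$flags" ]; then
        printf '%s\n' "flatpak override --user $flags$1"
    fi
}
```

Run `flatpak override --user --show <app-id>` afterwards to confirm the override took effect; `flatpak override --user --reset <app-id>` undoes it if something breaks.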