September 18th, 2009

How do I use sandbox -X

A couple of days ago I blogged about a cool new feature in Fedora 12 called sandbox -X.

Today I want to write about how I can use it within Firefox.

You should not trust any data that I download from the internet.  Even trustworthy sites have been hacked with acroread vulnerabilities.

How do you setup firefox to run sandbox -X evince on pdf files?

My first attempt failed.  Firefox does not allow you to specify a full command string to run downloaded content in, I needed to create a simple shell script.

cat ~/bin/sandboxevince
/usr/bin/sandbox -X evince "$@"

When you create this, remember to

chmod +x ~/bin/sandboxevince

In Firefox:

  • Select the Edit->Preferences menu item, which brings up the "Firefox Preferences" dialog.

  • Select "Applications" and entered pdf into the search dialog.  This brought up evince as the default.

  • Select  the "use evince" menu and select other.

  • Select ~/bin/sandboxevince

  • Save

Now I go to my favorite site,  and select a presentation

sandbox -X evince runs great !!!

You can go back and change all your acroread settings to use sandboxevince.

You can do the same for OpenOffice

cat ~/bin/sandboxooffice
/usr/bin/sandbox -X ooffice "$@"

chmod +x ~/bin/sandboxooffice

I searched for doc and changed that to use sandboxooffice

I did notice that some extensions were not in the list.  I had to go to a page with a odf file on it and tell firefox to  use sandboxooffice for this type for now on.

BTW,   Firefox leaks open file descriptors like a sieve, so I will need to add dontaudit policy to cover these up. Firefox developers know about the leaks but say "they can not do much about the leaks,  since plugins get added with leaks all the time."

Now I can feel a little safer as I browse the web.

It would be really great if firefox gave the ability to run all helper apps within a single command.

Now off to do the same with thunderbird.