Today I want to write about how I can use it within Firefox.
You should not trust any data that I download from the internet. Even trustworthy sites have been hacked with acroread vulnerabilities.
How do you setup firefox to run sandbox -X evince on pdf files?
My first attempt failed. Firefox does not allow you to specify a full command string to run downloaded content in, I needed to create a simple shell script.
cat ~/bin/sandboxevince
#!/bin/sh
/usr/bin/sandbox -X evince "$@"
When you create this, remember to
chmod +x ~/bin/sandboxevince
In Firefox:
- Select the Edit->Preferences menu item, which brings up the "Firefox Preferences" dialog.
- Select "Applications" and entered pdf into the search dialog. This brought up evince as the default.
- Select the "use evince" menu and select other.
- Select ~/bin/sandboxevince
- Save
Now I go to my favorite site, and select a presentation
sandbox -X evince runs great !!!
You can go back and change all your acroread settings to use sandboxevince.
You can do the same for OpenOffice
cat ~/bin/sandboxooffice
#!/bin/sh
/usr/bin/sandbox -X ooffice "$@"
chmod +x ~/bin/sandboxooffice
I searched for doc and changed that to use sandboxooffice
I did notice that some extensions were not in the list. I had to go to a page with a odf file on it and tell firefox to use sandboxooffice for this type for now on.
BTW, Firefox leaks open file descriptors like a sieve, so I will need to add dontaudit policy to cover these up. Firefox developers know about the leaks but say "they can not do much about the leaks, since plugins get added with leaks all the time."
Now I can feel a little safer as I browse the web.
It would be really great if firefox gave the ability to run all helper apps within a single command.
Now off to do the same with thunderbird.
