Hacker News
by
gwicke
3606 days ago
At Wikimedia, we are using firejail to lock down services. We encountered some bugs in older versions, but those have since been fixed. Overall, it has been working fairly well for us.
1 comments
Scaevolus
3606 days ago
What made you choose Firejail over alternatives like Docker?
microtonal
3606 days ago
Or maybe even more appropriate: AppArmor (or SELinux).
dingaling
3606 days ago
Firejail can be invoked and configured by normal unprivileged users. AppArmor requires root for creating and installing new profiles.
feld
3606 days ago
The new tools are being invented because the old tools suck.
SELinux is terrible from a UX standpoint.
mynewtb
3605 days ago
Docker is not for secure sandboxing; afaik you can easily escape and get root.