by Thriptic 2221 days ago
It's also possible to run a web browser in a docker container which can be interacted with on the host OS. This avoids the permissions issues with solutions like firejail:

https://blog.jessfraz.com/post/docker-containers-on-the-desk...

3 comments

`docker` implies access to the Docker daemon, which is not an improvement over the setuid binaries anderspitman found distasteful.

https://docs.docker.com/engine/security/security/#docker-dae...

Genuine question, would LXD be any better? I'm not an expert in containerization but I find it really interesting.

There are some blogs that talk about how to do this: https://blog.simos.info/how-to-easily-run-graphics-accelerat...

If it runs in the same Xwindows session, no.
If your docker is in fact podman, your rootless might be attainable.
Please don't suggest using Docker to sandbox a GUI app.
That's not a good idea. The attack surface of docker is enormous compared to firejail.