Author Topic: Google Chrome Linux Sandboxing (Read 1506 times)

cirrus_minor · « **on:** May 05, 2012, 10:20:24 AM »

This Is For Linux Only

Download the latest chrome browser with new V8 engine here (64 bit link)

I tried this and i was truly blown away by the speed so it seems the V8 engine is very aptly named indeed ,see here, im going to show you how to sandbox chrome or chromium browsers for those of us who are security concious. You can learn more about the benefits here

Type into your Google Chrome or Chromium browser:
about:sandbox

Mine shows seccomp sandbox is enabled
1) Make a shortcut to the browser and in the properties edit command line to read:

google-chrome --enable-seccomp-sandbox %U

in chromium it should look similar to this

/usr/bin/chromium-browser --enable-seccomp-sandbox %U

in google chrome should be similar to this

/opt/google/chrome/google-chrome --enable-seccomp-sandbox %U

2) X out of current browser session and start another using newly created shortcut

3) Again type in about:sandbox to url bar to verify that you are now sandboxed

Another cool tip i found for all operating systems using chrome is if you type chrome://flags into url bar you get options to tweak some hidden settings.

I hope you found this beneficial.

cirrus

Just17 · « **Reply #1 on:** May 05, 2012, 10:48:16 AM »

Thanks for the hints.

Does the use of seccomp interfere with on line activities in obvious ways?

Only wondering what to expect from its use.

I had not been aware of this or indeed the about:flags page.

Thanks for posting.

cirrus_minor · « **Reply #2 on:** May 05, 2012, 11:52:29 AM »

I havent noticed nothing untoward , check out http://code.google.com/p/seccompsandbox/wiki/overview for more info.

Just17 · « **Reply #3 on:** May 05, 2012, 12:21:58 PM »

Quote from: cirrus_minor on May 05, 2012, 11:52:29 AM

I havent noticed nothing untoward , check out http://code.google.com/p/seccompsandbox/wiki/overview for more info.

Thanks ... I had read that ..... but your comment is more valuable to me

If you have not noticed anything then it might be OK to use full time ...... I will set it and see what happens.

Thanks.

YouCanToo · « **Reply #4 on:** May 05, 2012, 12:22:54 PM »

Quote from: cirrus_minor on May 05, 2012, 10:20:24 AM

This Is For Linux Only

Download the latest chrome browser with new V8 engine here (64 bit link)

I tried this and i was truly blown away by the speed so it seems the V8 engine is very aptly named indeed ,see here, im going to show you how to sandbox chrome or chromium browsers for those of us who are security concious. You can learn more about the benefits here

Type into your Google Chrome or Chromium browser:
about:sandbox

Mine shows seccomp sandbox is enabled
1) Make a shortcut to the browser and in the properties edit command line to read:

google-chrome --enable-seccomp-sandbox %U

in chromium it should look similar to this

/usr/bin/chromium-browser --enable-seccomp-sandbox %U

in google chrome should be similar to this

/opt/google/chrome/google-chrome --enable-seccomp-sandbox %U

2) X out of current browser session and start another using newly created shortcut

3) Again type in about:sandbox to url bar to verify that you are now sandboxed

Another cool tip i found for all operating systems using chrome is if you type chrome://flags into url bar you get options to tweak some hidden settings.

I hope you found this beneficial.

cirrus

How about adding this as a how-to in the knowledgebase. http://pclinuxoshelp.com/index.php/Category:HowTo It would make a great addition.

cirrus_minor · « **Reply #5 on:** May 05, 2012, 01:28:58 PM »

Feel free to add it , if i remember right i had issues making account over there (prolly my noobness & no fault of your own)

Archie · « **Reply #6 on:** May 05, 2012, 10:04:15 PM »

Thanks for the great tip, cirrus_minor.

cirrus_minor · « **Reply #7 on:** May 07, 2012, 12:39:04 PM »

Quote from: Archie on May 05, 2012, 10:04:15 PM

Thanks for the great tip, cirrus_minor.

You are very welcome archie , u guys have welcomed me & taught me so much through these forums & via IRC support channel during the past my 8 months of my linux usage and have made the transition all the more sweeter for me , god willing i will be taught much more in the coming years , it feels good to give a tiny bit back to you guys.
regards
cirrus

Just17 · « **Reply #8 on:** May 07, 2012, 01:00:17 PM »

Only to report that I have been using Chromium fully sandboxed since my last post, and have not met with any difficulties.

Thanks again cirrus_minor

mag · « **Reply #9 on:** May 08, 2012, 03:04:21 AM »

Thanks for the Tip. Working fine here so far.

Words worth spreading!

menotu · « **Reply #10 on:** May 08, 2012, 03:39:19 AM »

A few more command line tips..............

http://www.pclinuxos.com/forum/index.php/topic,100701.0.html

http://peter.sh/experiments/chromium-command-line-switches/

longtom · « **Reply #11 on:** May 08, 2012, 05:06:36 AM »

Quote from: menotu on May 08, 2012, 03:39:19 AM

A few more command line tips..............

http://www.pclinuxos.com/forum/index.php/topic,100701.0.html

http://peter.sh/experiments/chromium-command-line-switches/

Jeeze - that's a page full ....

PCLinuxOS-Forums

News:

Author Topic: Google Chrome Linux Sandboxing (Read 1506 times)

cirrus_minor

Google Chrome Linux Sandboxing

Just17

Re: Google Chrome Linux Sandboxing

cirrus_minor

Re: Google Chrome Linux Sandboxing

Just17

Re: Google Chrome Linux Sandboxing

YouCanToo

Re: Google Chrome Linux Sandboxing

cirrus_minor

Re: Google Chrome Linux Sandboxing

Archie

Re: Google Chrome Linux Sandboxing

cirrus_minor

Re: Google Chrome Linux Sandboxing

Just17

Re: Google Chrome Linux Sandboxing

mag

Re: Google Chrome Linux Sandboxing

menotu

Re: Google Chrome Linux Sandboxing

longtom

Re: Google Chrome Linux Sandboxing