Unix & Linux Asked by user654789384 on December 4, 2020
My question today is about the access-rights and control a program gets systemwide.
I use a Linux distro as my daily-driver, mainly for software development but also for daily operations.
I really like the idea of FOSS, however, I personally need additional tools. In this example I will take MS Teams as one such.
It’s worth pointing out that I know my way around an OS like GNU/Linux, but I’m just a simple user and do not have deep know-how of how an OS operates.
Question
If I have an application like teams, is there no way I can let it run on my system, but limit its "power"? In this case:
What utilities are already existing for me to achieve this? Or do they not exist yet? Why not?
Thanks for your comments.
Sandbox
firejail
microphone access
AFAIK there are no tools for that however you can mute the microphone in pavucontrol for the app and unmute it only when required.
Talk only to MS servers
Running as a separate user (using xhost/export DISPLAY=
might be required depending on your distro and invocation) and using iptables -O OUTPUT -d IP_ADDRESS --uid-owner $USERNAME
/nftables add rule filter output meta skuid $USERNAME counter
. Then there's an application level firewall but I'm not sure it works as the project seems to be abandoned: https://github.com/Douane/
it shall be allowed to screen share, but I would need to give it access EVERY TIME when I initiate a screen cast
AFAIK there are not such tools in Linux. With the X11 security model each application can grab the entire screen any time it wants. You can however run it using a different Xorg server (Xorg :1
) in which case it won't be able to access your primary screen (:0
) but screen sharing will become impossible.
If you are paranoid/concerned, I'd suggest running the application in a VM (e.g. VirtualBox). It will completely isolate the app from your host PC but at the expense of not being able to share your screen.
Answered by Artem S. Tashkinov on December 4, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP