Ubuntu or Debian: $ sudo apt-get update $ sudo apt-get install firejail $ sudo apt-get install xpra xserver-xephyr The sandbox replaces the regular X11 server with Xpra or Xephyr server. This prevents X11 keyboard loggers and screenshot utilities from accessing the main X11 server. ``` To install for all, Users (NOTE: you'll need to make the "work" folder for each users home path on the PC): IE: $ mkdir /home/USERsName/work $ mv /usr/share/applications/firefox.desktop /usr/share/applications/firefox.desktop.orig $ nano /usr/share/applications/firefox.desktop OR - for just, you: $ mkdir ~/work $ nano ~/.local/share/applications/firefox.desktop # Note --dns is optional... It will break your DNS content filtering if you have that setup! Insert the following: ``` ``` [Desktop Entry] Version=1.0 Name=Firefox Web Sandboxed Comment=World Wide Web GenericName=Web Browser Keywords=Internet;WWW;Browser;Web;Explorer Exec=firejail --seccomp --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -no-remote Terminal=false X-MultipleArgs=false Type=Application Icon=firefox Categories=GNOME;GTK;Network;WebBrowser; MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/chrome;video/webm;application/x-xpinstall; StartupNotify=true Actions=secure-mode;private [Desktop Action private] Name=Private Mode Exec=firejail --seccomp --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -no-remote -private-window [Desktop Action secure-mode] Name=Super Secure Mode Exec=firejail --seccomp --x11 --name=SecureMode --private=~/work --dns=1.1.1.3 --dns=1.0.0.3 firefox %u -private-window -no-remote -safe-mode ``` To Save, do: ctrl+x, then press Y to save. Enter to accept filename... Once saved, reboot and Copy Launcher Icon to Launcher Tray... Try dragging and dropping (from Show Applications, FireFox) to your sidebar.... ### Note: All access for FireFox will be JAILed to the path ~/work and will not be able to get out of that Jail! Cool, huh. You may access downloads via: $ nautilus ~/work/Downloads & Or Open Files and goto : work/Downloads Now, if at any time you get spy/malware/ad toolbars or whatever you do not want.... All you need to do is remove the work folder from your home path, all setting will be wiped along with bookmarks!!! Backup/Export your bookmarks, then rm -rf /home/yourUSERnameHere/work