Linux desktop sandboxing for dummies?

NoahRaketic

MuppetScalextric Don't use Flatpak or Firejail

Not using flatpak is worse than using it, even despite its flaws. Flatpak sandboxing is better than none at all, especially when configured with a tool like Flatseal.

MuppetScalextric pixelfairy Let me know how many independent security audits Qubes OS have had? Yeah Debian and Fedora might not neither but at least they are way more popular thus decreasing the risk.

I wouldn't trust Qubes. It is unnecessarily complicated. Just run Debian with Gnome Boxes VM if you need virtualization for peace of mind.

This hacked-together virtualization setup is guaranteed to be much less audited (most likely only by one user) and much less secure than Qubes OS is. Xen is very heavily audited, and Qubes OS has a proper development team behind it.

pixelfairy

MuppetScalextric You clearly never tried Qubes. Its really well thought out. The integration between VMs is the best I've seen in the compartmentalized desktop space.

And yes, I have rolled my own. Various combinations of packer, ansible, and bash scripts with vagrant for some projects over the years untill switching to qubes. Qubes is more streamlined and still has a smaller attack surface than any of my hacked together setups. It gets audited constantly, esp Xen. The mailing list regularly shows issues they've found, along with exploit, mitigation and fix. Security audits is what Invisible Things Lab, the company behind qubes, does.

« Previous Page