If you want to use a web browser in a reasonably secure way, you could use firejail:

https://wiki.archlinux.org/title/Firejail

It’s not as powerful as @qubesos but it’s good enough:

E.g. I run @librewolf with firejail using the firefox profile:

firejail --x11=xephyr --xephyr-screen=1024x900 --net=wlan0 --seccomp --caps.drop=all --nonewprivs --noroot --profile=/etc/firejail/firefox.profile openbox --startup "librewolf"

  • @kixik
    111 months ago

    Why do you need a firefox profile when upstream firejail provides a librewolf one? On Artix (Arch, no systemd):

    /etc/firejail/librewolf.profile
    

    Also, one simple way to use firejail or firejail + apparmor is to use firejail by default, and enable apparmor support with “Enable Apparmor globally in /etc/firejail/globals.local and disable as needed through the use of ignore apparmor in /etc/firejail/ProgramName.local”, so not a complex thing, if one takes a look at firejail and apparmor wikis in general.

    @somenxavier@mathstodon.xyz do you happen to know how to disable that librewolf can only download to wherever the xdg download directory is set? I have specific places, not under such directory, where I download certain things as receipts, bank stuff, and so on…