The following sandboxed firefox command works with a 'Minimal desktop' install - i.e., a minimal GNOME desktop:
Code: Select all
sandbox -t sandbox_web_t -X /bin/sh -c "setxkbmap -rules evdev -model pc105 -layout gb; exec /usr/bin/firefox --safe-mode --private"
Looking through the code, the `sandbox` command (a 500 line python script), calls `seunshare` with the argument `/usr/share/sandbox/sandboxX.sh`, which in turn runs Xephyr, followed by `/usr/share/sandbox/start $HOME/.sandboxrc`, which then runs firefox. `sandboxrc` is autogenerated by the `sandbox` python script.
Execution seems to progress no further than attempting to invoke Xephyr, the code at this point in `sandboxX.sh` being:
Code: Select all
/usr/bin/Xephyr -title 'Sandbox sandbox_web_t:s0:c203,c467 -- /bin/bash ' -terminate -screen 1000x700 -dpi 96 -displayfd 5
To summarise with a 'Desktop platform' only install + openbox the following `sandbox` command works:
Code: Select all
sandbox -t sandbox_web_t /bin/bash
Code: Select all
sandbox -t sandbox_web_t -X /usr/bin/gnome-terminal