blob: b54067bc50ab99744f27a1dd9ec45cad29f3288d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
VirtualBox Wrapper
==================
Wrapper to provide easy to use GUI isolation[1].
Xinput and clipboard isolation
------------------------------
VirtualBox offers some protections agains inherent insecurities on X server
architecture[2] but not as tough as [Qubes](https://qubes-os.org) or maybe
how [Subgraph](https://subgraph.com/sgos/index.en.html) is planning.
It's still possible to sandbox applications using VirtualBox and have some level
of protection while having a slightly simple setup if you can't migrate to Qubes:
1. Clipboard sharing: you can entirelly disable this feature or have just
the hability to copy content from the VM to the host X session.
2. Xinput isolation: by my early testings, VirtualBox provides xinput isolation
as the guest can just capture events when the guest window is focused. But this
needs further research.
References:
* [1](https://blog.fluxo.info/suckless/virtual/).
* [2](http://theinvisiblethings.blogspot.com.br/2011/04/linux-security-circus-on-gui-isolation.html).
|
