[Discuss] sandboxing web browsers
Richard Pieri
richard.pieri at gmail.com
Sun Jun 21 15:28:31 EDT 2015
On 6/21/2015 3:23 PM, Tom Metro wrote:
> It's no worse than the previously mentioned solution that required sudo
> to switch to a dedicated browser user. If you are running a shared
Docker is "sudo root". Dedicated Firefox user is "sudo !root".
That's a huge difference.
> That's the recommended philosophy for using Docker in production
> environments, but Docker also works perfectly well in a copy-on-change
> model, just like a VM. Update the browser in-situ. (You can save the
> state of the container if you want to be able to instantiate (or share)
> clones of the updated container image.)
Docker does not work "perfectly well" in the first place in my experience.
--
Rich P.
More information about the Discuss
mailing list