I found that a number of the initial errors were caused by the fact that the spawned shell had inherited all the environmental settings from its parent. As is often the case it turns out to be slightly more complicated with several elements in play.ġ) There is apparently a ‘bug’ in gnome which seems to cause problems with some programs when they are run under ‘su’ although the same programs when run under a sudo spawned account work just fine.Ģ) This led me to put more effort into tracing the specific errors generated by icecat under my ‘su – dummy’ environment. The fact that icecat worked when run from my gnome login account and not when I did a ‘su’ to a dummy account led me to assume that it was probably a permissions problem. I'd be grateful if anyone can shed some light on that. I'd be grateful if you would mention what the issue is with xhost and if there is a better way of allowing limted access to my xserver?Īlso, my original question about 'granting' access to sound' remains unaddressed. I'd be happy to receive any better ideas. The dummy user account also makes it very easy to automate the scrubbing and resetting of that account between uses If I can get it working smoothly I can then think about rapping some namespace commands etc around it to further isolate the account. Avoiding 'setuid' was the reason I chose to use a dummy user account instead. I didn't want to use firejail as I believe it uses a setuid. Of couse I'm not wedded to icecat and would be happy to change given a concrete issue.
I find trawling through all the 'hidden' settings a bit of a pain in firefox. It also seems to do a better job of blocking ad's etc than firefox and doesn't open any anonymous unsolicited connections in the back ground. I'm using icecat because it seems to be easier to set privacy and anti tracking settings than firefox.