# Containerized office ?



## Alain De Vos (Dec 24, 2021)

People focus on running a browser in a jail.
But i'm interested in running libre-office and open-office in a jail.
How ? Because we can expect X forwarding problems.


----------



## drhowarddrfine (Dec 24, 2021)

We can?


----------



## mer (Dec 24, 2021)

Doesn't a browser need to X forward when run in a jail?


----------



## kpedersen (Dec 24, 2021)

I do the following. Seems to work fine.

On host

```
# ln /tmp/.X11-unix/X0 /jail/myjail/tmp/.X11-unix/X0
# cp /home/myuser/.Xauthority /jail/myjail/home/myuser/.Xauthority
```

In jail

```
$ DISPLAY=:0 libreoffice
```


----------



## Zare (Dec 24, 2021)

Why not use a standard tool (xhost) to manage access to the socket and treat the jail as remote host?


----------



## kpedersen (Dec 25, 2021)

Zare said:


> Why not use a standard tool (xhost) to manage access to the socket and treat the jail as remote host?


Mainly because I don't really want to get the network stack involved (even localhost / loopback). It is slower than UNIX sockets and a Libreoffice jail should probably remain completely isolated.


----------



## grahamperrin@ (Jan 1, 2022)

Alain De Vos not browser-specific, is the post below of interest?

Running Jails as Unprivileged User, Take Two

in particular, the comments from rykolepl.




john_rambo said:


> …I am stuck. … Jail so created a regular user account but I can't launch Firefox despite …



john_rambo ▲ see above (I assume that your case is not yet solved) …


----------



## zader (Jan 1, 2022)

not sure freebsd is the best tool for user based sandboxing .. you may want to look at openbsd, specifically pledge and unveil .. its more geared towards what your looking to do .. hopefully they will become apart of the freebsd base .. sooner then later..


----------

