Chapter 5. Locked-down, secure Firefox in a container


This section explains how to deploy a secure container that runs Firefox. This container gives you an instance of Firefox, containerized, with the following features:

  • Completely unprivileged - needs no extra SELinux tweaking
  • Only the list of cgroups is passed into the container from the host
  • No port redirection because the container is available only to the host
  • No X11 clipboard events or X events shared with your real host
  • No shared sound hardware
  • Everything runs with normal, non-elevated user permissions except for systemd (and systemd runs only to reap the other processes)
  • Unsynced sound, Flash, and interactivity

Running Firefox Securely in a Container

  1. Retrieve the base image that we use to build this container:

    $ curl -o Fedora-Docker-Base-22-20150521.x86_64.tar.xz -L https://download.fedoraproject.org/pub/fedora/linux/releases/22/Docker/x86_64/Fedora-Docker-Base-22-20150521.x86_64.tar.xz
  2. Load the base image you just downloaded into the local Docker registry:

    $ sudo docker load < Fedora-Docker-Base-22-20150521.x86_64.tar.xz
  3. Create a directory to hold the Dockerfile that will map out this container:

    $ mkdir -p isolated_firefox
  4. Retrieve the Dockerfile by using this curl command:

    $ curl -o isolated_firefox/Dockerfile -L 'http://pastebin.com/raw.php?i=cgYXQvJu'
  5. Build the container image and tag it isolated_firefox:

    $ sudo docker build -t isolated_firefox isolated_firefox
  6. Run the container:

    $ sudo docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro isolated_firefox
  7. Retrieve the CONTAINER_ID by using the docker ps command:

    $ sudo docker ps
  8. Retrieve the IP address of the container:

    $ sudo docker inspect CONTAINER_ID | grep IPAddress\":
  9. Open the container in vncviewer:

    $ vncviewer CONTAINER_IP
  10. To hear the audio associated with this container, open a browser and go to the following location:

    http://CONTAINER_IP:8000/firefox.ogg
    Note

    Include the port in the URL: type :8000 after the container address. You can also pass the address of the container to VLC to play the audio there.

  11. Run the following command to launch the VLC instance:

    $ vlc http://CONTAINER_IP:8000/firefox.ogg
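
To check that the running container has the properties listed at the start of this chapter, and to read its IP address without grep, the following added example (not part of the original procedure) audits the JSON printed by sudo docker inspect CONTAINER_ID. The embedded sample is constructed, and the field names assume the inspect layout of current Docker releases.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields checked below.
# Field names assume the layout used by current Docker releases.
SAMPLE_INSPECT = """
[{
  "Id": "0123456789ab",
  "HostConfig": {"Privileged": false, "CapAdd": null, "Devices": [],
                 "PortBindings": {}, "PublishAllPorts": false},
  "Mounts": [{"Source": "/sys/fs/cgroup", "Destination": "/sys/fs/cgroup",
              "Mode": "ro", "RW": false}],
  "NetworkSettings": {"IPAddress": "172.17.0.2", "Ports": {"8000/tcp": null}}
}]
"""

ALLOWED_MOUNTS = {"/sys/fs/cgroup"}  # the only host path the run command passes in


def audit_container(inspect_json):
    """Return (container_ip, findings). An empty findings list means the
    container matches the isolation properties listed in this chapter."""
    c = json.loads(inspect_json)[0]
    host = c.get("HostConfig", {})
    findings = []
    if host.get("Privileged"):
        findings.append("container is privileged")
    if host.get("CapAdd"):
        findings.append("extra capabilities: %s" % ",".join(host["CapAdd"]))
    if host.get("Devices"):
        findings.append("host devices passed in")
    for m in c.get("Mounts") or []:
        src = m.get("Source", "")
        if src not in ALLOWED_MOUNTS:
            findings.append("unexpected host mount: %s" % src)
        elif m.get("RW"):
            findings.append("%s is mounted read-write" % src)
    # A port is reachable through the host only when it has a host binding.
    ports = c.get("NetworkSettings", {}).get("Ports") or {}
    published = sorted(p for p, b in ports.items() if b)
    if published or host.get("PublishAllPorts"):
        findings.append("ports published on the host: %s" % (",".join(published) or "all exposed"))
    return c.get("NetworkSettings", {}).get("IPAddress", ""), findings


if __name__ == "__main__":
    ip, problems = audit_container(SAMPLE_INSPECT)
    print("container IP:", ip)
    print("\n".join(problems) or "matches the documented isolation properties")
```
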