Is there any software that could let me run a disposable VM to open just a chrome window, browse the internet and destroy itself when I’m done with it?
Right now I’m using virt-manager to run ubuntu live cd, but the live cd booting and etc. just takes too long for me, and I also have to keep an eye on the iso image and update it from time to time.
I looked into ubuntu/canonical multipass but I couldn’t get it to work on my desktop (ArchLinux with KDE), I’m also not really sure if its meant for the desktop flavor of ubuntu.
Install a distro, setup chromium to autostart, install unlock. Shutdown the VM, take a snapshot. Then you can use the VM, and when you are done, rollback/revert to the snapshot.
@exee@BigBlueHouse
Thanks, I’ll look into it, however the vm still feels a bit more secure since it’s not sharing the same kernel and has no access to the host file system, also the “–privileged” flag for docker flag looks kinda scary : /
@TheCakeIsNaOH
It still requires me to update the system from time to time.
Right now I’m considering scripting some wrapper that would work as a system daemon and would rebuild some custom init ramfs + kernel from time to time and provide some short command to tell virtd to spin up a direct kernel boot VM… however there must be a better solution out there, what I’m thinking about has to be overkill.
Boot up the VM, run sudo apt update && sudo apt upgrade, shut down the VM, make a new snapshot. If you enable ssh in the VM so as to run the update, it should be simple to make a shell script so you can do it in one command.
Chrome already does a ton of sandboxing and security stuff.
And most of the exploits these days are done by asking the GPU to render something and exploiting a gpu driver bug… which can work even for VMs.
You may want to have a look at a combination of github.com/google/detangle (which automatically opens websites in a correct profile) and uMatrix/uBlock origin for “filthy casual” browsing, and either a separate machine on a separate network or maybe passthrough where you want airgap like security.
Typically, when we want to run an application inside a Firejail sandbox, we can simply run the firejail command and pass it the name of the program we want to run. For example, we can launch Firefox using