Sandbox Firefox – First step to security

2014-03-19 2 min read Fedora Firefox

First we will set up a cgroup to limit CPU and memory usage, so here we go:

Add the following configuration to /etc/cgconfig.conf:

#------start cgconfig----------------
# new group
group firefox {
    perm {
        task {
# use your login id and group here, so that you can control this group
            uid = amitag;
            gid = amitag;
        }
        admin {
# same as above, set to your login id and group.
            uid = amitag;
            gid = amitag;
        }
    }
# cpu.shares is a relative weight and each group defaults to 1024 shares,
# so 102 shares is around 10% of a default group's weight when the CPU is contended.
    cpu {
        cpu.shares="102";
    }
# limit the CPUs to be used to only 0-1 (cpuset.mems must be set as well; memory node 0 here)
    cpuset {
        cpuset.cpus="0-1";
        cpuset.mems="0";
    }
# limit the maximum memory to 700 MB.
    memory {
        memory.limit_in_bytes="700M";
# max_usage_in_bytes records the peak usage; writing 0 resets that counter
        memory.max_usage_in_bytes="0";
    }
}
#------end cgconfig----------------
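
To confirm that the limits really apply to a running browser, the following added example (not part of the original post) reads a process's /proc/<pid>/cgroup and reports any of the cpu, cpuset and memory controllers that are not attached to the firefox group. It assumes the cgroup v1 layout that cgconfig.conf configures; the function and script names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes cgroup v1, where each
# line of /proc/<pid>/cgroup reads: hierarchy-id:controller[,controller]:path
# Function names are hypothetical.

# missing_controllers FILE GROUP CONTROLLER...
# Prints every listed controller that FILE does not place in /GROUP or in a
# child of it. Prints nothing when the process is confined for all of them.
missing_controllers() {
    file=$1; group=$2; shift 2
    for ctrl in "$@"; do
        awk -F: -v want="$ctrl" -v grp="/$group" '
            {
                # Path is everything after the second colon.
                path = $0
                sub(/^[^:]*:[^:]*:/, "", path)
                n = split($2, names, ",")
                for (i = 1; i <= n; i++)
                    if (names[i] == want &&
                        (path == grp || index(path, grp "/") == 1))
                        found = 1
            }
            END { if (!found) print want }
        ' "$file"
    done
}

# check_pid PID
# Returns 0 only if PID is in the firefox group for cpu, cpuset and memory,
# the three controllers the configuration above sets limits on.
check_pid() {
    out=$(missing_controllers "/proc/$1/cgroup" firefox cpu cpuset memory)
    if [ -n "$out" ]; then
        echo "pid $1 is outside /firefox for:" $out >&2
        return 1
    fi
    echo "pid $1 is confined to /firefox"
}

# Usage: sh check_firefox_cgroup.sh <pid>
if [ "$#" -gt 0 ]; then
    check_pid "$1"
fi
```

A process that was started outside the group, or a controller that was never mounted, shows up as a named controller in the error message rather than as a silent pass.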

 
