Profile Picture

Spencer B.

President/Lead Developer at the Quaternion Institute. CS student, programmer, and guitarist.

feed | tips | contact

How to Sandbox Zoom with Firejail

Calendar icon January 6, 2021

Clock icon 2 min read

Folder icon #linux #software #zoom #void #firejail #privacy in tech

Zoom

It’s Winter of 2020 and COVID-19 is taking off. Universities and schools announce that classes will be held online using Zoom, a video chat platform literally no one has heard of that becomes ubiquitous overnight that lies about encryption and has ties to the Chinese government because it’s so well-made and truly innovative. Just kidding. I don’t buy it; there’s spooky shit afoot.

Security Recommendations

  1. Don’t sign in to a Zoom account
  2. Use a VPN (not free or US-based)
  3. Use a virtual machine (preferred, I was having hardware issues) or firejail

Installation

Install firejail and zoom.

On Void Linux:

# Install needed software
sudo xbps-install -S firejail git

# Set up xbps-src
git clone https://github.com/void-linux/void-packages
cd void-packages
./xbps-src binary-bootstrap

# Enable restricted packages
echo XBPS_ALLOW_RESTRICTED=yes >> etc/conf

# Build Zoom package
./xbps-src pkg zoom
sudo xi zooom

Information on restricted packages can be found here.

Since Zoom is so popular it shouldn’t be hard to find specific instructions to install it for your distribution.

Setup

UPDATE: this article is much better. It accounts for several problems I later found with Zoom being unable to connect properly or open the browser.

To run an application in a firejail sandbox the command is simply firejail [software].

  1. Run firejail zoom, click “Sign in”, do an “SSO Sign-in” and then you’ll see a page like this:

Zoom sign-in page

  1. Right-click “Launch Zoom” and “Copy Link Location”.

  2. Now create a bash alias, in .bashrc:

alias zoom='firejail xdg-open "[copied URL]" &'
  1. If xdg-open isn’t found, install xdg-utils.

Troublshooting

You may have to run Zoom without firejail the first time if your browser doesn’t open after clicking “SSO Sign-in”, obviously this isn’t ideal.

Comments