KDE Plasma + Brave on Debian

  This is the “how do I make Brave do what I want” note --- especially when Brave profile UI is broken and KDE is strict about .desktop launchers. 1) Know what you’re running. Check where Brave comes from. which brave-browser If it returns /usr/bin/brave-browser , you’re on the APT-installed build (good, predictable). Also note that on Debian you often have both commands available. brave-browser is commonly a wrapper. brave-browser-stable is commonly the actual binary. 2) Where Brave stores its data. Default Brave user-data root (APT install). ~/.config/BraveSoftware/Brave-Browser/ If you only see Default/ , then you effectively have a single Brave “profile” in that directory. 3) Multiple isolated Brave sessions without Brave profiles. This is the clean workaround: run separate user-data directories . Create a new isolated environment. mkdir -p ~/.config/BraveSoftware/Brave-RDT Launch Brave using that directory. brave-browser-stable --user-data-dir= ...
0

Process and device isolation

Process isolation

Linux isolates the processes, and each of them can't access others' ones, even of they're running under the same user's privileges.

Other system Linux uses to enhance security and protection:

  • Control Groups (cgroups)
    Administrators can group processes and associate a limit of resources to each cgroup.
  • Containers
    It runs multiple isolated Linux systems (containers) on a single system based on cgroups.
  • Virtualisation
    Entire systems can run simultaneously as isolated and insulated guests (virtual machines) on one physical host.

Device isolation

Hardware and devices are not directly accessible. There is a file system layer which creates a file called node in /dev/ for every device of hardware. Each device special file has a standard owner, group and world permission fields. Security is the same like a normal file.


Comments

Post a Comment