After some consideration and further research, I recommend using the Flatpak version of Zoom rather than trying to sandbox it manually. Flatpak was built with application isolation in mind, whereas firejail adds a sandbox around the application after the fact. Moreover, less experienced users don't need to configure anything or meddle with symlinks.
I will leave the tutorial up for now as it may still be useful for some special cases or for programs other than Zoom.
Download the client application from the official website. Save the .deb package and install it:
sudo apt install ./zoom_amd64.deb
Adapted from: https://wiki.ubuntuusers.de/firejail/
Now install the firejail package, either from the official repositories or by adding a PPA first.
Optional:
sudo add-apt-repository ppa:deki/firejail
sudo apt update
Install firejail:
sudo apt install firejail firejail-profiles
You will need a "home" directory for Zoom:
sudo mkdir -p /opt/zoom/home
sudo chown -R $USER /opt/zoom
Zoom can then be launched in a sandbox like this:
firejail --profile=/etc/firejail/zoom.profile --private=/opt/zoom/home /opt/zoom/ZoomLauncher
If you want to be able to start Zoom from the launcher or from the terminal by typing the command zoom, you also have to remove the symlink /usr/bin/zoom and create a bash script with that exact same name. This also prevents you from accidentally running Zoom outside the sandbox!
sudo mv /usr/bin/zoom /usr/bin/zoom.backup
sudo vim /usr/bin/zoom
Then insert the following:
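#!/bin/bash
# Start Zoom inside the firejail sandbox; "$@" forwards any arguments, such as a meeting link.
exec firejail --profile=/etc/firejail/zoom.profile --private=/opt/zoom/home /opt/zoom/ZoomLauncher "$@"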
Afterwards make the script executable:
sudo chmod +x /usr/bin/zoom
You can now run Zoom more securely inside a sandbox environment!
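An added check, not part of the original tutorial: the shell function below audits the launcher path to confirm it is still the firejail wrapper and not a symlink to the Zoom binary, which is worth re-running whenever the file may have been replaced, for example after reinstalling the package. The function name and the return codes are assumptions made for this example.

```shell
# Added example: audit a launcher path (default /usr/bin/zoom).
# Return codes (chosen for this example): 0 ok, 1 missing, 2 symlink,
# 3 not executable, 4 no firejail call, 5 missing --profile or --private.
check_zoom_wrapper() {
    zw_path="${1:-/usr/bin/zoom}"

    # -L also catches a dangling symlink, which -e reports as missing.
    [ -e "$zw_path" ] || [ -L "$zw_path" ] || { echo "missing: $zw_path"; return 1; }

    # A symlink means the launcher starts Zoom directly, outside the sandbox.
    if [ -L "$zw_path" ]; then
        echo "symlink: $zw_path -> $(readlink "$zw_path")"
        return 2
    fi

    [ -x "$zw_path" ] || { echo "not executable: $zw_path"; return 3; }

    # First line that begins with a firejail invocation (optionally via exec).
    # Commented-out lines do not match because of the anchor.
    zw_line=$(grep -E '^[[:space:]]*(exec[[:space:]]+)?firejail([[:space:]]|$)' "$zw_path" | head -n 1)
    [ -n "$zw_line" ] || { echo "no firejail invocation in $zw_path"; return 4; }

    # Both options used in the tutorial must be present on that line.
    case "$zw_line" in
        *--profile=*) ;;
        *) echo "firejail call lacks --profile"; return 5 ;;
    esac
    case "$zw_line" in
        *--private=*) ;;
        *) echo "firejail call lacks --private"; return 5 ;;
    esac

    echo "ok: $zw_path runs Zoom through firejail"
    return 0
}
```

Source the file and call `check_zoom_wrapper` with no argument to audit /usr/bin/zoom, or pass another path to check a different launcher.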
Coming soon...