Firejail -- run your software safely!

What do you have and what do you want?

Moderators: b1o, jkerr82508

User avatar
viking60
Über-Berserk
Posts: 9279
Joined: 14 Mar 2010, 16:34

Firejail -- run your software safely!

Postby viking60 » 03 Jan 2017, 11:44

The Linux kernel does contain namespaces that enables us to create a little space of our own that gives us the freedom to work with it while people outside that namespace don't have those privileges.

This is also referred to as "Jail" or "Sandboxing" but in this case it is a good thing to be behind bars :-D

This confined space lets you run your software safely without the whole world getting informed about your doings.

That is the point with a Jail - nothing gets out.

The kernel also contains Seccomb-bbf which stands for Secure computing mode.This is "simply" a sandboxing tool
In the old days you could create it and activate it with a double somersault while you scratched your head with your toes while drinking lots of :coffee_cup:

Not so anymore!

Firejail is a software that is light and will fix this for you without having to do anything. It will reduce the no. of security breaches.

Simply install it and start your program with

Code: Select all

firejail <PROGRAM>


Typically your Browser.

You will find Firejail in the AUR for Arch and Arch derivatives. Debian users can add the repo in /etc/apt/sources.list by adding this line:

Code: Select all

deb http://ftp.de.debian.org/debian jessie-backports main

(you may have to reboot after adding the line).
The download page also contains a rpm file that works just fine in Centos.

There is also a GUI called Firetools.
Image
Just right-click on the app you want to start and run it in jail.

You will not notice any difference, but when you do a

Code: Select all

firejail --list
you will see which Apps that are running in the sandboxed mode.

You do not need the GUI using alt+f2 and typing

Code: Select all

firejail firefox
will work just fine.

to check out your installation you can do a

Code: Select all

firejail --audit

Easy as pie +1
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"

User avatar
viking60
Über-Berserk
Posts: 9279
Joined: 14 Mar 2010, 16:34

Re: Firejail -- run your software safely!

Postby viking60 » 22 Nov 2017, 01:47

I have been using this for a long time now without noticing it. That is a good thing!
The main point is that my browsers cannot be used/expoiteed to see my files.
Manjaro 64bit on the main box -Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz and nVidia Corporation GT200b [GeForce GTX 275] (rev a1. + Centos on the server - Arch on the laptop.
"There are no stupid questions - Only stupid answers!"


Return to “Software”