TechRepublic: How to install and use Firejail on Linux

Firejail is a Linux security SUID program that drastically reduces the risk of security breaches by sandboxing the running environment of untrusted applications. It does this with Linux namespaces and seccomp-bpf; the latter attaches a system call filter to a process and all its descendants, which reduces the attack surface of the kernel.

With Firejail installed, you can launch applications from the command line so that they have a private view of globally shared kernel resources, such as the network stack. Adding it to your Linux platform brings a heightened level of security to an already secure environment.

Firejail is not limited to graphical applications. In fact, Firejail can sandbox servers, GUI tools, and even user login sessions.

Believe it or not, Firejail is incredibly easy to use. I’m going to walk you through the process of installing and using Firejail.


2 thoughts on “TechRepublic: How to install and use Firejail on Linux”

  1. Kevin

    Brave still cannot open in Firejail on Ubuntu/Mint under the current version of both Firejail and Firetools. Can we please get a patch for this? Maybe post that article on Brave’s Github to encourage them to help develop a patch. I’d rather use Brave than Firefox but I won’t until it is compatible with Firejail.

  2. Fernando

    Firejail can’t run type 2 appimages:
    $ firejail --appimage ./Rambox-0.7.5-linux-i386.AppImage
    Mounting appimage type 1
    Error mounting appimage: appimage.c:117 appimage_set: Invalid argument

    The appimage executes fine if I type:
    ./Rambox-0.7.5-linux-i386.AppImage

    I am using 32-bit firejail in a 32-bit Linux to run 32-bit appimage.
    Here is the download link of the appimage:
    https://github.com/ramboxapp/community-edition/releases/tag/0.7.5

    I have tested many type 2 appimages and nothing works.

    My firejail version is:
    $ firejail --version
    firejail version 0.9.62

    Compile time support:
    - AppArmor support is disabled
    - AppImage support is enabled
    - chroot support is enabled
    - file and directory whitelisting support is enabled
    - file transfer support is enabled
    - firetunnel support is enabled
    - networking support is enabled
    - overlayfs support is enabled
    - private-home support is enabled
    - seccomp-bpf support is enabled
    - user namespace support is enabled
    - X11 sandboxing support is enabled
