Into The Void: Firejail with Tor HOWTO

A few years ago I created a set of scripts to start applications inside a linux namespace and automatically “Tor-ify” their network traffic. The main reason behind this effort was to provide some isolation and Tor support for applications that don’t have socks5 support, for example claws-mail. While this worked it was hard to keep adding sandboxing features like the ones firejail already provided. So I decided to take a look at how I could automatically send/receive traffic from a firejail-ed application through Tor. more…

Route Reflector Labs: Running Wireshark in a jail/sandbox

Wireshark running in a Firejail sandbox

Wireshark running in a Firejail sandbox

Firejail is a powerful tool which can be use to sandboxing lot of applications. By default Firejail provides profiles for Chrome, Firefox, Telegram and other famous applications. Wireshark is still missing.

We want to limit the interfaces a user can sniff. To be more specific, we want users capture from bridges interfaces only. more…

Beebom – How to Sandbox Non-trusted Apps in Linux Systems

Sometimes we have to run an application that we do not trust, but we are afraid that it might look at or delete our personal data, since even though Linux systems are less prone to malware, they are not completely immune. Maybe you want to access a shady-sounding website. Or perhaps you need to access your bank account, or any other site dealing with sensitive private information. You might trust the website, but do not trust the add-ons or extensions installed in your browser.

In each of the above cases, sandboxing is useful. The idea is to restrict the non-trusted application in an isolated container -a sandbox– so that it does not have access to our personal data, or the other applications on our system. While there is a software called Sandboxie that does what we need, it is only available for Microsoft Windows. But Linux users need not worry, since we have Firejail for the job. more…

MakeUseOf – Firejail: A Simple Way to Improve Security on Linux

Linux is secure, right? It’s certainly more secure than Windows in a lot of ways, but it’s not impervious to attack. There is always a trade-off between security and usability, but how far can you really go to secure your operating system without seriously compromising its usability?

If you get compromised the damage is already done, it really doesn’t matter which operating system you run. Firejail allows you to mitigate this risk, but will it keep you secure without making your system unusable? more…

DistroWatch – Tips and tricks: The Firejail security sandbox

Sandboxing is a term which describes isolating programs from each other (or from specific system resources) by limiting their scope or access to parts of the operating system. There are many forms sandboxing can take, from virtual machines to Docker containers. Other mechanisms we can use to isolate processes from resources include SELinux, AppArmor and control groups. These tools are lightweight and powerful, but they can be quite tricky to set up, especially for inexperienced users. SELinux in particular uses a cryptic syntax which people find difficult to master. more…