Category Archives: How To

PC suggest: Sandbox firefox in Linux with firejail

Nowadays security threats are everywhere in the web, new security holes are discovered everyday, but sadly there are no instant patches available. If you are a firefox user, this problem is worse, as it lacks the sandbox feature like chromium or Google chrome browser.

Here’s how to protect yourself from such threats by running firefox in sandbox environment with firejail.

Firejail is an extremely lightweight Linux namespace based sandbox application, could be used with both GUI and CLI applications with minimal effort. Firejail could do even more, like traffic shaping, application spacific DNS server and default gateway etc. etc.

It could effectively run most apps with limited permission and system resource to minimize security risk. There’s also a GUI app firetools , to launch and monitor apps with firejail.

more

Advertisements

PC suggest: Simple bandwidth shaping in Linux with firejail

Network bandwidth shaping or traffic shaping is extensively used for efficient use of available network bandwidth and fairer bandwidth sharing.

Most common use of bandwidth shaping in Linux desktop is fair bandwidth sharing among different application, assume your torrent client is eating all download speed while browsing something important. For servers, it’s a lot more complex and important subject.

Surely firejail is not the best tool for this purpose, there are other utilities like iptables and tc token bucket filter. But why not use the handy firejail tool ?

For new comers, firejail is an extremely lightweight tool for isolating one/many application from the rest of the system, more straightly a sandbox application, read more about sandboxing apps with firejail here. So using fireail for traffic shaping adds an extra layer of security. Lets start !

more

ADDICTIVE TIPS: How To Set Up Firejail On Linux

Linux has a reputation of being fairly secure, and out of the big three operating systems it runs into far less issues when it comes to privacy. Still, as secure as Linux can be, there’s always room for improvement. Introducing Firejail. It’s an application that allows users to take any running app, and “jail it”, or “sandbox it”. Firejail lets you isolate an app and prevent it from accessing anything else on the system. The app is the most popular program sandboxing tool on Linux. It is because of this, many Linux distributions have decided to ship this software. Here’s how to get the Firejail on Linux.

more

SCIP: Firejail – A Human Tool to Control Software

Securing a computer does not end at the Ethernet port. Once installed and trusted, a piece of code is basically free to access a lot of resources not really necessary (think of X).

This overexposure has become critical with container technology, where the border between the resources and virtual resources may be very confusing.

Using Firejail is a quick-win for each application, especially for browsers without sandboxing. It is easy to use and configure, and the impact on the system is very small.

more

raspberrypi.org: How to install Firejail and sandbox any app

Originally designed to sandbox Firefox, Firejail can sandbox any app, or service (including Google Chrome, Chromium-Browser)

If Firejail is not in your repo, download:

wget http://mirrordirector.raspbian.org/raspbian/pool/main/f/firejail/firejail_0.9.44.8-1_armhf.deb
sudo apt-get install libapparmor1
sudo dpkg -i firejail_0.9.44.8-1_armhf.deb

This version of Firejail (on the repo servers, but not in my Jessie repo “apt-cache search firejail”) must have been compiled with –enable-apparmor as it requires libapparmor1 (which is in the repo).

more

LinuxAndUbuntu: Firejail – A Namespace Separation Security Sandbox

Linux distro is mostly loved for its security features. When we people want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique.

Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

Firejail is easy to setup and also very easy to use. You can go either by command line version or UI version. I have got both of them covered. Try anyone you like.

Firejail GUI interface on Linux Mint

Firejail GUI interface on Linux Mint

more