Firetools is a good utility for running applications sandboxed on Linux. Sandboxing essentially confines applications to their own space, thereby limiting their reach into the rest of the system. This is a security layer that prevents malicious programs from having full access to the system.
Firetools is a graphical front-end for the command-line sandboxing tool Firejail.
Firejail is an easy to use sandbox that reduces the risk of security breaches by restricting the running environment of untrusted applications using seccomp-bpf and Linux namespaces.
The first seccomp/namespaces sandbox was built by Google for Chromium browser. It was released in 2012, replacing their existing SELinux sandbox. Shiny new technology, the sandbox flew under the radar gaining market share. By 2014 when Firejail project was started, Chromium browser was already running on 50% of Linux desktops. Today there are a small number of projects sandboxing browsers and other desktop applications using seccomp/namespaces technology. We are proud to be one of them.
From the beginning we realized the contradiction between security and comfort, and we made ease of use one of our main goals. We managed to achieve this goal without sacrificing the security functionality. We provide:
- a simple method to start the sandbox from command line – prefix your application name with “firejail”, e.g. “firejail firefox”
- full desktop integration – applications are sandboxed automatically when started by clicking on icons in file manager or desktop manager menus
- an intuitive syntax for building advanced security profiles
Our focus is GUI application sandboxing, with web browsers being the main target. The sandbox denies access to private files in user’s home directory. Inside the sandbox, Downloads directory and the browser configuration files are real, everything else is stored in a temporary filesystem and later discarded:
Only Downloads directory is visible inside a sandboxed Firefox browser.
This guide describes the steps necessary to install and configure Firejail sandbox on Linux Mint. Both Cinnamon and MATE desktop environments are supported. We provide similar support for all desktop managers.
Firejail is an easy to use security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux kernel security features. It restricts what files and directories an application can access in your home directory and what access it has to system directories and system resources. Firejail is ideal for use with web browsers, desktop applications, and daemons/servers alike.
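The seccomp-bpf filter and Linux namespaces mentioned above are visible from `/proc`, so you can confirm that an application started through Firejail is actually confined. The following is an added example, not code from the Firejail or Firetools projects; the function names and the sample data are constructed for illustration.

```python
"""Check /proc data for signs of a seccomp-bpf filter and private namespaces."""
import os

# Values of the "Seccomp:" field in /proc/<pid>/status
SECCOMP_MODES = {"0": "disabled", "1": "strict", "2": "filter (seccomp-bpf)"}


def seccomp_mode(status_text):
    """Return the seccomp mode named in /proc/<pid>/status text."""
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        if key == "Seccomp":  # exact match, so "Seccomp_filters" is skipped
            return SECCOMP_MODES.get(value.strip(), "unknown")
    return "unknown"  # field absent from the status text


def differing_namespaces(proc_ns, host_ns):
    """Names of namespaces whose identifier differs from the host's."""
    return sorted(name for name, ident in proc_ns.items()
                  if name in host_ns and host_ns[name] != ident)


def read_namespaces(pid):
    """Read namespace identifiers (e.g. 'mnt:[4026531841]') for a live PID."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(base, name))
            for name in os.listdir(base)}


def report(status_text, proc_ns, host_ns):
    """Summarise the confinement visible for one process."""
    return {"seccomp": seccomp_mode(status_text),
            "private_namespaces": differing_namespaces(proc_ns, host_ns)}


# Constructed sample data: a sandboxed browser compared with the host shell.
SAMPLE_STATUS = "Name:\tfirefox\nSeccomp:\t2\nSeccomp_filters:\t1\n"
SAMPLE_PROC_NS = {"mnt": "mnt:[4026532701]", "pid": "pid:[4026532702]",
                  "net": "net:[4026531840]"}
SAMPLE_HOST_NS = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
                  "net": "net:[4026531840]"}

if __name__ == "__main__":
    print(report(SAMPLE_STATUS, SAMPLE_PROC_NS, SAMPLE_HOST_NS))
```

On a live system, pass the contents of `/proc/<pid>/status` and `read_namespaces(pid)` for the application process, with `read_namespaces(os.getpid())` from an unsandboxed shell as the host baseline.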