Documentation

 

I’ve just installed Firejail, now what?!

Integrate your sandbox into your desktop by running:

$ sudo apt-get install firejail_xyz.deb
$ sudo firecfg

Start your program the way you are used to – desktop manager menus, file manager, desktop starters – and it will be sandboxed automatically. There are over 1000 applications supported by default in the current Firejail software version, and the number goes up with every new release.

The browser is by far the most important program you would ever need to protect. Take a look at Firefox Sandboxing Guide to get in the mood.

Tor browser setup is discussed in Firejail Tips and Tricks.

Firejail Usage document will help you get started in command line. If you are stuck and need help to figure something out, don’t be afraid to ask.

Do I really need to build a security profile for my application?

No. If your application is not recognized, Firejail will use a very restrictive default profile. Yet, we encourage users to customize profiles. Building Custom Profiles describe how to change exiting security profiles and how to create new ones. For developers we keep a more detailed document in our wiki here.

It’s too easy, I’m getting bored!

There is no difficult in Firejail, at least not SELinux-difficult. But if you need something more challenging, try to customize your security filters, or go into some more advanced security topics such as X11 sandboxing:

Not quite like that, I was thinking about sandboxing games…

Take a look at this excellent Steam article on Joris_VR blog. Both Steam in Wine games are supported by Firejail sandbox, with full sound and 3D acceleration.

HowTo Videos

For our less-experienced Linux users, we are building a video HowTo channel. Hopefully, we can pair each video with a blog entry, if not, we provide the relevant info in the video description. Currently the videos are on YouTube, but we have a backup channel on BitChute.

Firejail intro
How to disable network access
Arch Linux Install
Debian/Ubuntu Install
 

External Reviews

If you are looking for external reviews, these are some of the best: LWN.net, DistroWatch.com, and linux.com. Linux Magazine published a very detailed feature article in April 2015. An online copy is available here.

There are a lot of Firejail videos, podcasts, and articles out there. You can find some of them featured in our blog. If you run into one that’s not there, drop us a line in the comments section below. Big thanks to everybody!

Aaron Jones, Phoenix Linux User Group
DJ Ware
Null Byte
Paf LeGeek (French)
AddictiveTipsTV
How To Make Tech Work
Linux Action Show
Linux Luddites Show

13 thoughts on “Documentation

  1. Pingback: How to Sandbox Apps in Linux Systems | Beebom

  2. Pingback: linux process sandboxing with linux ‘user namespaces’ and firejail – atropineal

  3. Pingback: How to Sandbox Non-Trusted Apps in Linux Systems - PC - Learn in 30 Sec from Microsoft Awarded MVP

  4. Pingback: Firejail | security sandbox

  5. Pingback: FireJail for Linux Security – Chainsaw's Privacy

  6. Pingback: ▷ How to Sandbox Non-trusted Apps in Linux Systems | Howw

  7. Pingback: با Firejail در مقابل آسیب پذیری های برنامه ها در لینوکس محفوظ تر بمانید! – OpenJDK.ir

  8. sioeuhdiwuehd

    I am using 0.9.60 version.
    >Without sudo on mint 19.2…
    $ firecfg –fix-sound
    Error: cannot detect login user
    >And with sudo…
    sudo firecfg –fix-sound
    [sudo] senha para user:
    Writing file /root/.config/pulse/client.conf
    fopen: No such file or directory
    Error: cannot configure sound file

    Like

    Reply
  9. iuehduihe

    Netblue, start fixing this shit for new users. I did install firejail in mint and in popOS.
    Always lots of headaches for breaking the system just for installing.
    Now? Installed the normal ubuntu repo version in popos…
    >Chromium already do not work after firejail install, can not type anything, keyboard is blocked to acess it. It reminded me it gave me problems in mint and manjaro too with opera and brave.
    >Then i went to install VERACRYPT DEB file i downloaded… Gives an error. Only if i uninstall firejail i can install veracrypt. Very annoying.

    Like

    Reply
  10. Pingback: Locking Down Linux: Using Ubuntu as Your Primary OS, Part 3 (Application Hardening & Sandboxing) « Null Byte :: WonderHowTo

  11. Pingback: Cómo crear aplicaciones de sandbox en sistemas Linux - uzco.online

  12. K

    After running sudo firecfg its impossible to shut down firejail using command firejail –shutdown=PID because the PID is everchanging. Each invocation of firejail –list to get the PID will change the PID of the result (e.g 4054: –list)

    Like

    Reply
  13. Pingback: Sandbox-Apps in Linux-Systemen - weeo.online

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s