Documentation

 

I’ve just installed Firejail, now what?!

Integrate your sandbox into your desktop by running:

$ sudo firecfg

Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are over 800 default applications in the current version of Firejail, and the number goes up with every new release. We keep the list in /usr/lib/firejail/firecfg.config file.

By far the most important application you would ever need to sandbox is the browser. Take a look at Firefox Sandboxing Guide to get in the mood. It was written for Firefox, but it applies to all browsers. It describes the filesystem container created on-the-fly for the sandbox, and several common sandbox setups you can also apply to other applications.

Firejail Usage document will help you get started in command line. If you are stuck and need help to figure something out, don’t be afraid to ask.

Another document you might want to look at is Sandboxing Binary Software. The latest and greatest version is in our wiki on GitHub. Here you will find information about Tor browwser and AppImages among other things.

Do I really need to build a security profile for my application?

No. If your application is not recognized, Firejail will use a very restrictive default profile. Yet, we encourage users to customize profiles. Building Custom Profiles describe how to change exiting security profiles and how to create new ones. For developers we keep a more detailed document in our wiki here.

It’s too easy, I’m getting bored!

There is no difficult in Firejail, at least not SELinux-difficult. But if you need something more challenging, try to customize your security filters, or go into some more advanced security topics such as X11 sandboxing:

Not quite like that, I was thinking about sandboxing games…

Take a look at this excellent Steam article on Joris_VR blog. Both Steam in Wine games are supported by Firejail sandbox, with full sound and 3D acceleration.

HowTo Videos

For our less-experienced Linux users, we are building a video HowTo channel – install guides, ticks and trick, etc. Hopefully, we can pair each video with a blog entry, if not, we provide the relevant info in the video description. Currently the videos are on YouTube, but we have a backup channel on BitChute.

Firejail intro
How to disable network access
Arch Linux Install
Debian/Ubuntu Install
 

External Reviews

If you are looking for external reviews, these are some of the best: LWN.net, DistroWatch.com, and linux.com. Linux Magazine published a very detailed feature article in April 2015. An online copy is available here.

There are a lot of Firejail videos, podcasts, articles out there, you can find some of them featured in our blog. If you run into one that’s not there, drop us a line in the comments section below. Big thanks to everybody!

Linux Action Show
Linux Luddites Show

8 thoughts on “Documentation

  1. Pingback: How to Sandbox Apps in Linux Systems | Beebom

  2. Pingback: linux process sandboxing with linux ‘user namespaces’ and firejail – atropineal

  3. Pingback: How to Sandbox Non-Trusted Apps in Linux Systems - PC - Learn in 30 Sec from Microsoft Awarded MVP

  4. Pingback: Firejail | security sandbox

  5. Pingback: FireJail for Linux Security – Chainsaw's Privacy

  6. Pingback: ▷ How to Sandbox Non-trusted Apps in Linux Systems | Howw

  7. Pingback: با Firejail در مقابل آسیب پذیری های برنامه ها در لینوکس محفوظ تر بمانید! – OpenJDK.ir

  8. sioeuhdiwuehd

    I am using 0.9.60 version.
    >Without sudo on mint 19.2…
    $ firecfg –fix-sound
    Error: cannot detect login user
    >And with sudo…
    sudo firecfg –fix-sound
    [sudo] senha para user:
    Writing file /root/.config/pulse/client.conf
    fopen: No such file or directory
    Error: cannot configure sound file

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s