I’ve just installed Firejail, now what?!
Integrate your sandbox into your desktop by running the following two commands:
$ firecfg --fix-sound $ sudo firecfg
The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. The second command integrates Firejail into your desktop. You would need to logout and login back to apply PulseAudio changes.
Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are about 250 default applications in Firejail version 0.9.46, and the number goes up with every new release. We keep the list in /usr/lib/firejail/firecfg.config file.
Basic Usage document will help you get started in command line. If you are stuck and need help to figure something out, don’t be afraid to ask.
Can you sandbox Firefox?
Firejail was build with Mozilla Firefox in mind. Sandboxing Firefox is by far the most popular application for Firejail. Check out our Firefox Sandboxing Guide.
Do I really need to build a security profile for my application?
No. If your application is not recognized, Firejail will use a very restrictive default profile. Yet, we encourage users to customize profiles. Building Custom Profiles and Building Whitelisted Profiles describe how to change exiting security profiles and how to create new ones.
It’s too easy, I’m getting bored!
There is no difficult in Firejail, at least not SELinux-difficult. But if you need something more challenging, try to customize your security filters, or go into some more advanced security topics such as X11 and Grsecurity:
Not quite like that, I was thinking about sandboxing games…
Take a look at this excellent Steam article on Joris_VR blog. Both Steam in Wine games are supported by Firejail sandbox, with full sound and 3D acceleration.
Across the Internet
If you are looking for external reviews, these are some of the best: LWN.net, DistroWatch.com, and linux.com. Linux Magazine published a very detailed feature article in April 2015. An online copy is available here.
- Firejail – A Security Sandbox for Mozilla Firefox
- Firejail – A Security Sandbox for Mozilla Firefox, Part 2
- Firejail – A Security Sandbox for Mozilla Firefox, Part 3
- Running Dropbox in Firejail Sandbox
- Debian/Ubuntu Cross-distro Gaming with Firejail
- How to Restrict a Login Shell Using Linux Namespaces
- Securing a Web Server Using a Linux Namespaces Sandbox