Download

 
Download the latest version:

For release notifications subscribe to the atom feeds below:

 

Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Gentoo, Manjaro, Mint, NixOS, Parabola, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void. You can also install one of the released packages, or clone Firejail’s source code from Git repository.

After install run:

$ firecfg --fix-sound
$ sudo firecfg

The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. You would need to logout and login back to apply PulseAudio changes. The second command integrates Firejail into your desktop. You can read more about system integration in Linux Mint Sandboxing Guide.

 

Source Code

Download the source code archive and extract the files:

$ tar -xjvf firejail-X.Y.Z.tar.bz2
or
$ tar -xJvf firejail-X.Y.Z.tar.xz

Compile and install

$ cd firejail-X.Y.Z
$ ./configure && make && sudo make install-strip

Firetools compilation is similar:

$ tar -xjvf firetools-X.Y.Z.tar.bz2
or
$ tar -xJvf firetools-X.Y.Z.tar.xz

$ cd firetools-X.Y.Z
$ ./configure && make && sudo make install-strip

Firetools requires a Qt4 or Qt5 development environment and the coresponding qmake utility. The configuration script, .configure, tries to find qmake in your $PATH. You can also pass the qmake path when you configure the software:

$ ./configure --prefix=/usr --with-qmake=/usr/lib64/qt4/qmake

Debian, Ubuntu, Mint

Download the deb package (64-bit or 32-bit) and install it:

$ sudo dpkg -i firejail_X.Y_1_amd64.deb
or
$ sudo dpkg -i firejail_X.Y_1_i386.deb

Similar for Firetools:

$ sudo dpkg -i firetools_X.Y_1_amd64.deb
or
$ sudo dpkg -i firetools_X.Y_1_i386.deb

Firetools deb package requires libqtgui4 and libqt4-svg.

 

OpenSUSE, CentOS 7, Fedora

Download the rpm package and install it:

$ sudo rpm -i firejail_X.Y-Z.x86_64.rpm

Similar for Firetools:

$ sudo rpm -i firetools_X.Y-Z.x86_64.rpm

Firetools package requires Qt4 library with SVG support.

 

Arch Linux

32-bit and 64-bit Firejail packages are available in Arch Linux Package Repository. A Firetools package is available in AUR.

 

Gentoo

$ sudo emerge firejail

Git Repository

Firejail’s source code is hosted in a Git repository on GitHub. You can access and compile it with the following commands:

$ git clone https://github.com/netblue30/firejail.git
$ cd firejail
$ ./configure && make && sudo make install

Checksums

For each release we provide a firejail-X.Y.Z.asc file that contains SHA256 checksums for each archive released. You can check the checksum using sha256sum utility from GNU Coreutils package.

firejail-X.Y.Z.asc file also includes a GnuPG signature. You can check the integrity of the file using my public key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.12 (GNU/Linux)

mQENBFRaIzYBCACvfLk+0CpSK+03h0svI3XfbSuGppB1jSd70QoX6jgjcJ6ble+G
V8gQEd8hU6Rhw4oa6klY+sVY2Si+7ZLaGQAiucERNG0aJA23gYVw91OyaARNZ1SZ
8Ju7GowCxLOT6Ie8RyWCCv1yXGxQT36j2I1Z9/UvYHvIJISZ48K4Dk8OuF5lcCH7
jN5X/7pqhmBKKx3Ve4UWmiKjisZcEdhJ9U5nyrHNSngPYSia+YIK/wG4nqY3ooZi
HvLA21HeaVBaILmRuRCO7akqxFB9SfJTHDqC0czZ0/3NJ3AyQv/qEkIkxGOHogKx
hNqGUBxYhba9Hl9Sl3IX72aQ28CxUngpXLNJABEBAAG0LG5ldGJsdWUgKGZpcmVq
YWlsIGtleSkgPG5ldGJsdWUzMEB5YWhvby5jb20+iQE4BBMBAgAiBQJUWiM2AhsD
BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAsyzat/FhJp7daB/0UlljRMtJ7
/Ht9gDcQm1pqsShGw29QtLSxDWV7A250GdveGNs2yZTCJQIyoK1Pa+Q5GOUwv0I2
VOxqTgnG3j1pCtcCbb7rkRQa6dix71IgKG+F4wUlWLdgaVsH7h1MtVobZ+nNSQAY
Bl+9vd9cKuyIYI+e6pdlLP/yCT78ehI/wVDD2V/w3ixnvnSLIgoRQRX9gAbRIf3i
/cXpyVn7wLYNMUwBrH3hPDTJPTdNih75ZcMMBWDnkt+IMijtxM++4J+45odoPKb6
bCvq0e0WtWmscOx/jN5cgOyC/87lcQuHSyjiSJowJzJUnO0sL9r1X1RFsU+XhGfN
8Ml/9flP/ojYuQENBFRaIzYBCADCE9S6rB7FI4z07H0PZ97XKh5U7r5hIxWrt1nC
yzD/Hprfy9ZZRJklAa+XlMMIPHHv3h8JEL2B5TWKxCa7KbNYfoLoLGywp6aIw6+X
kDhKXesEDN5WFUCW186hlmEExgNpOGZlbBLqJnaFfxhunSGgdHd5YHiASkts5Uwd
zzo2uFMcn0q0HlLLGAVwI787P6xAsAvgf4BCFuc4XGCWl8XDQbChZ8LC/ovHPq4Q
H8g6cIzya6f5E/VT2+dYGpME0bPmjTm0ZzvTHWfjw+B2d5AO5mNQiewHejnPxrcq
qJkO+Y6S80R/JPfmOI3RCHcoyB+QJ1I2I4yQ6G5dFwKl/IknABEBAAGJAR8EGAEC
AAkFAlRaIzYCGwwACgkQLMs2rfxYSad2pAf8CaKsDD1yj1mvYcUX1chrUlYmZVuR
PSFKf90OETlGSCYqdi4yyeJJnis4HBDcGPa+hFpLVksJlRCKqKQiqjndaNHhRgyM
ZouoeJvBiwCdwpQmZHgpgTv1V8n4PJ4anqISC5/ZGN9HDJ68gDx2hzeuilc+6umK
E99f7Qo8rdaeu5IGhujQhxnemAyTBNGZh3tABZcni5m7uVJKihdDUogghXSnIBxh
ilSqRQrPqyCjic8MUB9S+eBQC4Z67i9YqJaBfb80x9HqINLncGFDHKIajwy8f7Sh
k67z733GYXrAnyHsia4IF4UGRLW4+1xtKE9xmUThmwMdkgqtJ9eqBpAF9A==
=/BT3
-----END PGP PUBLIC KEY BLOCK-----
Advertisements

37 thoughts on “Download

  1. bangdroid

    “For each release we provide a firejail-X.Y.Z.asc file…”

    Sorry if this seems like an obvious question, maybe I am missing it, but where is the asc file?

    Like

    Reply
  2. Pingback: Avoiding Viruses with Linux – Richard Skumat's Website

  3. Pingback: Saiba como limitar a largura de banda usada pelos programas no Linux usando o firejail – Planeta Blusol

  4. Pingback: Perkakas Sandbox Aplikasi Firejail 0.9.42 Hadir, Dukung AppImage dan Snap

  5. Jason

    After installing firejail with root priviladges I get this error when trying to run it & I can not seem to fix it,Any Ideas,Thanks.
    “Error: configuration file should be owned by root”
    I also tried installing via a binary & got similar error

    Like

    Reply
  6. Pingback: Aplikasi Untuk Meningkatkan Keamanan Linux | Tylergrant

  7. Sa ON

    Hi,
    I just installed 0.9.44.10 and I ran into a problem:

    plateform:
    linux mint xfce 18.1

    command:
    firejail palemoon

    message on xterm:

    Reading profile /etc/firejail/palemoon.profile
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-programs.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/whitelist-common.inc
    Error: line 30 in /etc/firejail/palemoon.profile is invalid

    Here are the first few lines of the palemoon profile:

    # This file is overwritten during software install.
    # Persistent customizations should go in a .local file.
    include /etc/firejail/palemoon.local

    # Firejail profile for Pale Moon
    noblacklist ~/.moonchild productions/pale moon
    noblacklist ~/.cache/moonchild productions/pale moon
    include /etc/firejail/disable-common.inc
    include /etc/firejail/disable-programs.inc
    include /etc/firejail/disable-devel.inc
    include /etc/firejail/whitelist-common.inc

    whitelist ${DOWNLOADS}
    mkdir ~/.moonchild productions
    whitelist ~/.moonchild productions
    mkdir ~/.cache/moonchild productions/pale moon
    whitelist ~/.cache/moonchild productions/pale moon

    Reinstalling 0.9.44.8_1 removes this problem.

    Thanks for your work!

    Like

    Reply
  8. Dustin

    The firetools checksums didn’t match up

    sha256sum firetools-0.9.46.tar.xz.asc

    gave me
    8028dbe8b8aff9914992bdbabe48e25c40b5c6fd8507c0e7d587127b452818be firetools-0.9.46.tar.xz.asc

    Whereas

    sha256sum firetools-0.9.46.tar.xz

    Gave me
    1245c6c3aa1437ea218a78dd62ff6c06f7e22fca7b62e967ff9630b54ed3f37c firetools-0.9.46.tar.xz

    Like

    Reply
  9. Kevin

    I tried to install using git but when I run the make command ./configure && make && sudo make install on Linux mint I get:

    gcc -ggdb -O2 -DVERSION='”0.9.49″‘ -DPREFIX='”/usr/local”‘ -DSYSCONFDIR='”/usr/local/etc/firejail”‘ -DLIBDIR='”/usr/local/lib”‘ -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_BIND -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -c fs_lib.c -o fs_lib.o
    fs_lib.c: In function ‘copy_libs_for_lib’:
    fs_lib.c:133:2: error: ‘for’ loop initial declarations are only allowed in C99 mode
    for (int i = 0; lib_paths[i]; i++) {
    ^
    fs_lib.c:133:2: note: use option -std=c99 or -std=gnu99 to compile your code
    make[1]: *** [fs_lib.o] Error 1
    make[1]: Leaving directory `/home/tom/Downloads/firejail/src/firejail’
    make: *** [src/firejail] Error 2

    I then tried downloading the firejail-0.9.48.tar.xz and the firejail-0.9.48.tar.xz.asc but if I run:

    ‘sha256sum firejail-0.9.48.tar.xz’ and ‘sha256sum sha256sum firejail-0.9.48.tar.xz.asc’ I get different values, should these match?

    Thanks
    Kevin

    Like

    Reply
    1. netblue30 Post author

      Thank you for reporting the compile problem. I put a fix on github.

      firejail-0.9.48.tar.xz.asc is created by running “gpg –detach-sign –armor firejail-0.9.48.tar.xz”. It is a detached gpg signature used by Debian project people. I don’t know if the checksums should match the way you described.

      The file you want to look at is firejail-0.9.48.asc – download from sourceforge from the same place with the other archives. Inside you’ll find sha256sums for all archives.

      Like

      Reply
  10. Kevin

    Thanks for confirming both points. The checksums were correct when I checked the right file 🙂

    I have installed the debian package 0.9.48 but if I run firejail –version it still shows 0.9.44.8 even though the package shows as installed. Any ideas?

    Like

    Reply
  11. Jonathan

    There seems to be some residual pulseaudio issues in firejail 0.9.48. I’ve also tried a current git snapshot and this seems to suffer from the same problem. I am running firejail 0.9.48 on Slackware64 14.2 with firefox 54.0.1. Pulseaudio is version 9.0.

    Firejail is started using

    firejail –private-home=.mozilla-fjfirefox \
    firefox –no-remote –profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    The .mozilla-fjfirefox/ directory contains a special firefox setup for use in the sandbox. This works well generally speaking. The only problem is with sound. Firefox displays the info bar saying that pulseaudio might need to be installed. The only other clue that something’s wrong is

    fork(): Operation not permitted

    which is displayed in the window used to run firejail.

    After considerable trial and error I was able to get audio to run in the sandbox using the following steps:
    * Disable private-tmp in the firefox.profile file.
    * Arrange to have pulseaudio running.
    * Start a shell rather than firefox when firejail was run.
    * Copy the content of .config/pulse/ into the sandbox.
    * Run the firefox command in the sandbox.
    Audio then worked fine from the sandboxed firefox.

    As an further experiment, I commented out the pulseaudio_init() call in src/firejail/sandbox.c and tested the resulting firejail using

    firejail –private-home=.mozilla-fjfirefox,config \
    firefox –no-remote –profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    I confirmed that the .config/pulse/ directory contents were copied correctly. When firefox started

    shm_open() failed: No such file or directory

    was shown in the window used to run firejail. Creating .config/pulse/client.conf with the “enable-shm = no” setting in the sandbox is sufficient to make things work again.

    Is there any chance that pulseaudio can be made to work when “–private-home” is in use? The most obvious approach is to copy the user’s .config/pulse/ contents to the sandbox’s .config/pulse/ directory prior to adding the custom client.conf file (all in pulseaudio_init()). There is also the need to ensure /tmp is not private, although it might be sufficent to only make the pulse-* directories visible. However, this might not be the best approach, especially since it still relies on pulseaudio being started outside of the sandbox.

    While I can obviously get audio working, it is a little inconvenient. Including .config in the “–private-home” sorts the copying out, but still relies on a code hack. Besides, it’s not particularly efficient to copy the entire .config/ tree into the sandbox, and in any case doing so results in afair amount of potential information leakage.

    Like

    Reply
    1. netblue30 Post author

      > Is there any chance that pulseaudio can be made to work when “–private-home” is in use?

      You got it wrong, –private-home is something different.. What you need to use is –private. From man page:

             --private=directory
                    Use directory as user home.
      
                    Example:
                    $ firejail --private=/home/netblue/firefox-home firefox
      

      In the new home directory create a .config/pulse directory. In this directory you copy a pulseaudio client.conf file with a “enable-shm = no” line. That’s all that is to it.

      Like

      Reply
      1. Jonathan

        Thanks for the suggestion. I can’t see how the use of “–private” results in anything that’s practically different in this situation. The only difference I see is that with “–private” the content of the private home directory must be collected into a dedicated directory whereas with “–private-home” the listed directories are taken to be the content of the private home directory. Either way, the result should be the same.

        In any case, I did as you suggested: created a new directory (~/fjtest/), put the pre-configured firefox profile in that, created ~/fjtest/.config/pulse/client.conf with “enable-shm = no”, and ran firejail with the “–private=~/fjtest” option. The behaviour of firefox was the same as I had seen before: as soon as firefox went to play audio the “fork(): Operation not permitted” message was shown in the console and firefox displayed the message about needing to install pulseaudio.

        It seems that firefox believes pulseaudio not already running (which is true sometimes), tries to start it (presumedly via fork()) and fails because fork() returns EPERM. Curiously though this happens even if pulseaudio is already running due to it being started by some other program.

        Like

  12. Raul

    Errors
    QUOTE-
    Similar for Firetools:

    $ sudo dpkg -i firejail_X.Y_1_amd64.deb
    or
    $ sudo dpkg -i firejail_X.Y_1_i386.deb
    -END-QUOTE

    isn’t it suppose to be firetools file???

    QUOTE-
    dpkg: error processing archive firejail_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:
    firejail_X.Y_1_amd64.deb
    -END-QUOTE

    So I tried the following…

    QUOTE-
    sudo dpkg -i firetools_X.Y_1_amd64.deb
    dpkg: error processing archive firetools_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:
    firetools_X.Y_1_amd64.deb
    -END-QUOTE

    However firejail was accessible via Mint’s software manager, but not firetools.

    Like

    Reply
  13. Raul

    Ok so the spelling appears to be corrected, however I got an error…

    QUOTE-
    $ sudo dpkg -i firetools_X.Y_1_amd64.deb

    dpkg: error processing archive firetools_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:
    firetools_X.Y_1_amd64.deb
    -END-QUOTE

    $ lsb_release -a
    LSB Version: core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID: LinuxMint
    Description: Linux Mint 18.1 Serena
    Release: 18.1
    Codename: serena

    Like

    Reply
  14. Matthew

    I apologize for this post, but I am afraid I am giving up on this. With failed dependencies (libc.so.6(), libc.so.6(GLIBC_2.14), and many others), I can’t find what is needed on the internet. With little Linux experience under my belt, combined with the lack of user friendliness of this installation procedure, I’m throwing in the towel.

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s