Download the latest version:

In case SourceForge is down, a mirror is available on Open Source Developer Network.

For release notifications subscribe to the atom feeds below:


Try installing Firejail from your system packages first. Firejail is included in Alpine, ALT Linux, Arch, Chakra, Debian, Deepin, Devuan, Gentoo, Manjaro, Mint, NixOS, Parabola, Parrot, PCLinuxOS, ROSA, Solus, Slackware/SlackBuilds, Trisquel, Ubuntu, Void. You can also install one of the released packages, or clone Firejail’s source code from Git repository.

After install run:

$ firecfg --fix-sound
$ sudo firecfg

The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. You would need to logout and login back to apply PulseAudio changes. The second command integrates Firejail into your desktop. You can read more about system integration in Linux Mint Sandboxing Guide.



Source Code

Download the source code archive and extract the files:

$ tar -xjvf firejail-X.Y.Z.tar.bz2
$ tar -xJvf firejail-X.Y.Z.tar.xz

Compile and install

$ cd firejail-X.Y.Z
$ ./configure && make && sudo make install-strip

Firetools compilation is similar:

$ tar -xjvf firetools-X.Y.Z.tar.bz2
$ tar -xJvf firetools-X.Y.Z.tar.xz

$ cd firetools-X.Y.Z
$ ./configure && make && sudo make install-strip

Firetools requires a Qt4 or Qt5 development environment and the coresponding qmake utility. The configuration script, .configure, tries to find qmake in your $PATH. You can also pass the qmake path when you configure the software:

$ ./configure --prefix=/usr --with-qmake=/usr/lib64/qt4/qmake

Debian, Ubuntu, Mint

Download the deb package (64-bit or 32-bit) and install it:

$ sudo dpkg -i firejail_X.Y_1_amd64.deb
$ sudo dpkg -i firejail_X.Y_1_i386.deb

Similar for Firetools:

$ sudo dpkg -i firetools_X.Y_1_amd64.deb
$ sudo dpkg -i firetools_X.Y_1_i386.deb

Firetools deb package requires libqtgui4 and libqt4-svg.


OpenSUSE, CentOS 7, Fedora

Download the rpm package and install it:

$ sudo rpm -i firejail_X.Y-Z.x86_64.rpm

Similar for Firetools:

$ sudo rpm -i firetools_X.Y-Z.x86_64.rpm

Firetools package requires Qt4 library with SVG support.


Arch Linux

32-bit and 64-bit Firejail packages are available in Arch Linux Package Repository. A Firetools package is available in AUR.



$ sudo emerge firejail

Git Repository

Firejail’s source code is hosted in a Git repository on GitHub. You can access and compile it with the following commands:

$ git clone
$ cd firejail
$ ./configure && make && sudo make install


For each release we provide a firejail-X.Y.Z.asc file that contains SHA256 checksums for each archive released. You can check the checksum using sha256sum utility from GNU Coreutils package.

firejail-X.Y.Z.asc file also includes a GnuPG signature. You can check the integrity of the file using my public key:

Version: GnuPG v1.4.12 (GNU/Linux)


44 thoughts on “Download

  1. bangdroid

    “For each release we provide a firejail-X.Y.Z.asc file…”

    Sorry if this seems like an obvious question, maybe I am missing it, but where is the asc file?


  2. Pingback: Avoiding Viruses with Linux – Richard Skumat's Website

  3. Pingback: Saiba como limitar a largura de banda usada pelos programas no Linux usando o firejail – Planeta Blusol

  4. Pingback: Perkakas Sandbox Aplikasi Firejail 0.9.42 Hadir, Dukung AppImage dan Snap

  5. Jason

    After installing firejail with root priviladges I get this error when trying to run it & I can not seem to fix it,Any Ideas,Thanks.
    “Error: configuration file should be owned by root”
    I also tried installing via a binary & got similar error


  6. Pingback: Aplikasi Untuk Meningkatkan Keamanan Linux | Tylergrant

  7. Sa ON

    I just installed and I ran into a problem:

    linux mint xfce 18.1

    firejail palemoon

    message on xterm:

    Reading profile /etc/firejail/palemoon.profile
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Error: line 30 in /etc/firejail/palemoon.profile is invalid

    Here are the first few lines of the palemoon profile:

    # This file is overwritten during software install.
    # Persistent customizations should go in a .local file.
    include /etc/firejail/palemoon.local

    # Firejail profile for Pale Moon
    noblacklist ~/.moonchild productions/pale moon
    noblacklist ~/.cache/moonchild productions/pale moon
    include /etc/firejail/
    include /etc/firejail/
    include /etc/firejail/
    include /etc/firejail/

    whitelist ${DOWNLOADS}
    mkdir ~/.moonchild productions
    whitelist ~/.moonchild productions
    mkdir ~/.cache/moonchild productions/pale moon
    whitelist ~/.cache/moonchild productions/pale moon

    Reinstalling removes this problem.

    Thanks for your work!


  8. Dustin

    The firetools checksums didn’t match up

    sha256sum firetools-0.9.46.tar.xz.asc

    gave me
    8028dbe8b8aff9914992bdbabe48e25c40b5c6fd8507c0e7d587127b452818be firetools-0.9.46.tar.xz.asc


    sha256sum firetools-0.9.46.tar.xz

    Gave me
    1245c6c3aa1437ea218a78dd62ff6c06f7e22fca7b62e967ff9630b54ed3f37c firetools-0.9.46.tar.xz


  9. Kevin

    I tried to install using git but when I run the make command ./configure && make && sudo make install on Linux mint I get:

    gcc -ggdb -O2 -DVERSION='”0.9.49″‘ -DPREFIX='”/usr/local”‘ -DSYSCONFDIR='”/usr/local/etc/firejail”‘ -DLIBDIR='”/usr/local/lib”‘ -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_BIND -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -c fs_lib.c -o fs_lib.o
    fs_lib.c: In function ‘copy_libs_for_lib’:
    fs_lib.c:133:2: error: ‘for’ loop initial declarations are only allowed in C99 mode
    for (int i = 0; lib_paths[i]; i++) {
    fs_lib.c:133:2: note: use option -std=c99 or -std=gnu99 to compile your code
    make[1]: *** [fs_lib.o] Error 1
    make[1]: Leaving directory `/home/tom/Downloads/firejail/src/firejail’
    make: *** [src/firejail] Error 2

    I then tried downloading the firejail-0.9.48.tar.xz and the firejail-0.9.48.tar.xz.asc but if I run:

    ‘sha256sum firejail-0.9.48.tar.xz’ and ‘sha256sum sha256sum firejail-0.9.48.tar.xz.asc’ I get different values, should these match?



    1. netblue30 Post author

      Thank you for reporting the compile problem. I put a fix on github.

      firejail-0.9.48.tar.xz.asc is created by running “gpg –detach-sign –armor firejail-0.9.48.tar.xz”. It is a detached gpg signature used by Debian project people. I don’t know if the checksums should match the way you described.

      The file you want to look at is firejail-0.9.48.asc – download from sourceforge from the same place with the other archives. Inside you’ll find sha256sums for all archives.


  10. Kevin

    Thanks for confirming both points. The checksums were correct when I checked the right file 🙂

    I have installed the debian package 0.9.48 but if I run firejail –version it still shows even though the package shows as installed. Any ideas?


  11. Jonathan

    There seems to be some residual pulseaudio issues in firejail 0.9.48. I’ve also tried a current git snapshot and this seems to suffer from the same problem. I am running firejail 0.9.48 on Slackware64 14.2 with firefox 54.0.1. Pulseaudio is version 9.0.

    Firejail is started using

    firejail –private-home=.mozilla-fjfirefox \
    firefox –no-remote –profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    The .mozilla-fjfirefox/ directory contains a special firefox setup for use in the sandbox. This works well generally speaking. The only problem is with sound. Firefox displays the info bar saying that pulseaudio might need to be installed. The only other clue that something’s wrong is

    fork(): Operation not permitted

    which is displayed in the window used to run firejail.

    After considerable trial and error I was able to get audio to run in the sandbox using the following steps:
    * Disable private-tmp in the firefox.profile file.
    * Arrange to have pulseaudio running.
    * Start a shell rather than firefox when firejail was run.
    * Copy the content of .config/pulse/ into the sandbox.
    * Run the firefox command in the sandbox.
    Audio then worked fine from the sandboxed firefox.

    As an further experiment, I commented out the pulseaudio_init() call in src/firejail/sandbox.c and tested the resulting firejail using

    firejail –private-home=.mozilla-fjfirefox,config \
    firefox –no-remote –profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    I confirmed that the .config/pulse/ directory contents were copied correctly. When firefox started

    shm_open() failed: No such file or directory

    was shown in the window used to run firejail. Creating .config/pulse/client.conf with the “enable-shm = no” setting in the sandbox is sufficient to make things work again.

    Is there any chance that pulseaudio can be made to work when “–private-home” is in use? The most obvious approach is to copy the user’s .config/pulse/ contents to the sandbox’s .config/pulse/ directory prior to adding the custom client.conf file (all in pulseaudio_init()). There is also the need to ensure /tmp is not private, although it might be sufficent to only make the pulse-* directories visible. However, this might not be the best approach, especially since it still relies on pulseaudio being started outside of the sandbox.

    While I can obviously get audio working, it is a little inconvenient. Including .config in the “–private-home” sorts the copying out, but still relies on a code hack. Besides, it’s not particularly efficient to copy the entire .config/ tree into the sandbox, and in any case doing so results in afair amount of potential information leakage.


    1. netblue30 Post author

      > Is there any chance that pulseaudio can be made to work when “–private-home” is in use?

      You got it wrong, –private-home is something different.. What you need to use is –private. From man page:

                    Use directory as user home.
                    $ firejail --private=/home/netblue/firefox-home firefox

      In the new home directory create a .config/pulse directory. In this directory you copy a pulseaudio client.conf file with a “enable-shm = no” line. That’s all that is to it.


      1. Jonathan

        Thanks for the suggestion. I can’t see how the use of “–private” results in anything that’s practically different in this situation. The only difference I see is that with “–private” the content of the private home directory must be collected into a dedicated directory whereas with “–private-home” the listed directories are taken to be the content of the private home directory. Either way, the result should be the same.

        In any case, I did as you suggested: created a new directory (~/fjtest/), put the pre-configured firefox profile in that, created ~/fjtest/.config/pulse/client.conf with “enable-shm = no”, and ran firejail with the “–private=~/fjtest” option. The behaviour of firefox was the same as I had seen before: as soon as firefox went to play audio the “fork(): Operation not permitted” message was shown in the console and firefox displayed the message about needing to install pulseaudio.

        It seems that firefox believes pulseaudio not already running (which is true sometimes), tries to start it (presumedly via fork()) and fails because fork() returns EPERM. Curiously though this happens even if pulseaudio is already running due to it being started by some other program.


  12. Raul

    Similar for Firetools:

    $ sudo dpkg -i firejail_X.Y_1_amd64.deb
    $ sudo dpkg -i firejail_X.Y_1_i386.deb

    isn’t it suppose to be firetools file???

    dpkg: error processing archive firejail_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    So I tried the following…

    sudo dpkg -i firetools_X.Y_1_amd64.deb
    dpkg: error processing archive firetools_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    However firejail was accessible via Mint’s software manager, but not firetools.


  13. Raul

    Ok so the spelling appears to be corrected, however I got an error…

    $ sudo dpkg -i firetools_X.Y_1_amd64.deb

    dpkg: error processing archive firetools_X.Y_1_amd64.deb (–install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    $ lsb_release -a
    LSB Version: core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID: LinuxMint
    Description: Linux Mint 18.1 Serena
    Release: 18.1
    Codename: serena


  14. Matthew

    I apologize for this post, but I am afraid I am giving up on this. With failed dependencies (,, and many others), I can’t find what is needed on the internet. With little Linux experience under my belt, combined with the lack of user friendliness of this installation procedure, I’m throwing in the towel.


      1. Matthew

        Netblue, first of all a second apology is in order. The work done for FireJail / FireTools is outstanding. Cheers to all those who put in their expertise in creating the much-needed functionality. My earlier words of user unfriendliness were a bit harsh and if you permit me, I’d like to wipe the egg off my face. That being said :), I eventually found that the 32-bit Fedora I was using combined with the rpm package I thought would work wasn’t getting along. So, I installed the 64-bit Fedora 26 OS and the FireJail/Firetools installation was all handled through the gui, and not Terminal. Smooth as butter. Background: As a Windows user, and realizing the profound benefits of Linux, I just started using a VMware virtual machine linked to a Fedora v26 (now 64-bit OS) ISO file. It is taking a little while getting up to speed with the new syntax, but I’ll get there. So…we’re good to go. I appreciate you getting back to me. Cheers to you and again, thank you for all the hard work.


  15. Pingback: SandBoxing Programs in Linux | IT Meets.Guru | Cyber Security Conferences, Gaming, Workshop, Seminars

  16. miphix

    Main point of interest for me, is the overhead generated by using firejail as
    a login shell, using the firejail-login method defined in the man pages so
    kindly made available. My question is this, do all users with the firejail
    login, use the same namespace, or unique to their own username? or, per shell?
    Also, is there a supported method of pooling together any one user, or shell
    wholesale into one namespace? ‘–chroot’?

    Thank you in advance, you are my hero for giving us this tool



Leave a Reply to Matthew Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s