Download the latest version:


In case SourceForge is down, a mirror is available on GitHub.

For release notifications subscribe to the atom feeds below:


Try installing Firejail from your system packages first. Firejail is included in most Linux distributions. You can also install one of the released packages, or clone Firejail’s source code from our Git repository.

After installation, run sudo firecfg in a terminal. The command integrates Firejail into your desktop, so that applications start sandboxed when you:

  • click the app icon in your window manager menus
  • click a file in the file manager (the application opening the file is sandboxed automatically)
  • start the application from the command line, with no need to prefix it with firejail

To install our binary packages from SourceForge or GitHub run:

   $ sudo dpkg -i firejail_X.Y.Z_amd64.deb

Source Code

Download the source code archive and extract the files:

$ tar -xJvf firejail-X.Y.Z.tar.xz

Compile and install

$ cd firejail-X.Y.Z
$ ./configure && make && sudo make install-strip

AppArmor support is not enabled by default at compile time. It is also missing from the binary packages we distribute on this site. Add --enable-apparmor to the configure command to include this support:

$ ./configure --enable-apparmor && make && sudo make install-strip

You can find more AppArmor information in our Firejail Usage document.

Firetools compilation is described here.


Git Repository

Firejail’s source code is hosted in a Git repository on GitHub. You can access and compile it with the following commands:

$ git clone
$ cd firejail
$ ./configure && make && sudo make install


For each release we provide a firejail-X.Y.Z.asc file that contains SHA256 checksums for each archive released. You can check the checksum using the sha256sum utility from the GNU Coreutils package.

The firejail-X.Y.Z.asc file also includes a GnuPG signature. You can check the integrity of the file using our public key below. We use this key across all Firejail-related projects.
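
The check described above, as an added example that is not part of the Firejail project's own instructions: the signature on firejail-X.Y.Z.asc is verified first, and the archive is then hashed against the checksum listed inside the signed text (the checksum of the .asc file itself is never compared to anything). It assumes the .asc file is clearsigned text with sha256sum-format lines and that the Firejail public key is already imported; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Firejail project code. Function names are hypothetical.
# Assumes firejail-X.Y.Z.asc is a clearsigned text file whose checksum lines
# use sha256sum format ("<64 hex digits>  <file name>") and that the Firejail
# public key has already been imported into the local GnuPG keyring.

# signed_text ASC
# Print only the text covered by the signature; fail if the signature is bad
# or the key is unknown. gpg reports the signing key on stderr: compare its
# fingerprint with the key published by the project.
signed_text() {
    gpg --batch --decrypt "$1"
}

# expected_sum LIST ARCHIVE
# Print the checksum LIST records for ARCHIVE; fail unless exactly one entry
# names it. Release file names contain no spaces, so field 2 is the name.
expected_sum() {
    awk -v name="$(basename "$2")" '
        length($1) == 64 && $1 ~ /^[0-9a-f]+$/ {
            f = $2; sub(/^\*/, "", f)   # sha256sum marks binary mode with "*"
            if (f == name) { sum = $1; n++ }
        }
        END { if (n != 1) exit 1; print sum }' "$1"
}

# check_archive LIST ARCHIVE
# Return 0 on match, 1 on mismatch, 2 if LIST has no unique entry for ARCHIVE.
check_archive() {
    want=$(expected_sum "$1" "$2") || {
        echo "no unique checksum entry for $2" >&2
        return 2
    }
    have=$(sha256sum "$2" | cut -d' ' -f1)
    [ "$want" = "$have" ]
}

# verify_release ASC ARCHIVE
# Check the signature first, then hash ARCHIVE against the signed text only.
# Lines outside the signed region of ASC are never consulted.
verify_release() {
    tmp=$(mktemp) || return 3
    rc=0
    if signed_text "$1" > "$tmp"; then
        check_archive "$tmp" "$2" || rc=$?
    else
        echo "signature verification failed for $1" >&2
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: verify_release firejail-X.Y.Z.asc firejail-X.Y.Z.tar.xz
```

A return status of 0 means the signature verified and the archive matches its signed checksum; 1 is a checksum mismatch, 2 a missing or ambiguous entry, 3 a failed signature check.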




91 thoughts on “Download”

  1. bangdroid

    “For each release we provide a firejail-X.Y.Z.asc file…”

    Sorry if this seems like an obvious question, maybe I am missing it, but where is the asc file?


      1. stufcuzimbord

        When I try to run firejail Firefox this error message pops up

        Reading profile /etc/firejail/firefox.profile
        Reading profile /etc/firejail/firefox-common.profile
        Reading profile /etc/firejail/
        Reading profile /etc/firejail/
        Reading profile /etc/firejail/
        Reading profile /etc/firejail/
        Reading profile /etc/firejail/
        Reading profile /etc/firejail/
        Warning: networking feature is disabled in Firejail configuration file
        Parent pid 5649, child pid 5650
        Error: cannot create /dev/zero device
        Error: proc 5649 cannot sync with peer: unexpected EOF
        Peer 5650 unexpectedly exited with status 1

        what can I do to fix this?



  2. Pingback: Avoiding Viruses with Linux – Richard Skumat's Website

  3. Pingback: Saiba como limitar a largura de banda usada pelos programas no Linux usando o firejail – Planeta Blusol

  4. Pingback: Perkakas Sandbox Aplikasi Firejail 0.9.42 Hadir, Dukung AppImage dan Snap

  5. Jason

    After installing firejail with root privileges I get this error when trying to run it & I can not seem to fix it. Any ideas? Thanks.
    “Error: configuration file should be owned by root”
    I also tried installing via a binary & got similar error


  6. Pingback: Aplikasi Untuk Meningkatkan Keamanan Linux | Tylergrant

  7. Sa ON

    I just installed and I ran into a problem:

    linux mint xfce 18.1

    firejail palemoon

    message on xterm:

    Reading profile /etc/firejail/palemoon.profile
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Reading profile /etc/firejail/
    Error: line 30 in /etc/firejail/palemoon.profile is invalid

    Here are the first few lines of the palemoon profile:

    # This file is overwritten during software install.
    # Persistent customizations should go in a .local file.
    include /etc/firejail/palemoon.local

    # Firejail profile for Pale Moon
    noblacklist ~/.moonchild productions/pale moon
    noblacklist ~/.cache/moonchild productions/pale moon
    include /etc/firejail/
    include /etc/firejail/
    include /etc/firejail/
    include /etc/firejail/

    whitelist ${DOWNLOADS}
    mkdir ~/.moonchild productions
    whitelist ~/.moonchild productions
    mkdir ~/.cache/moonchild productions/pale moon
    whitelist ~/.cache/moonchild productions/pale moon

    Reinstalling removes this problem.

    Thanks for your work!


  8. Dustin

    The firetools checksums didn’t match up

    sha256sum firetools-0.9.46.tar.xz.asc

    gave me
    8028dbe8b8aff9914992bdbabe48e25c40b5c6fd8507c0e7d587127b452818be firetools-0.9.46.tar.xz.asc


    sha256sum firetools-0.9.46.tar.xz

    Gave me
    1245c6c3aa1437ea218a78dd62ff6c06f7e22fca7b62e967ff9630b54ed3f37c firetools-0.9.46.tar.xz


  9. Kevin

    I tried to install using git but when I run the make command ./configure && make && sudo make install on Linux mint I get:

    gcc -ggdb -O2 -DVERSION='"0.9.49"' -DPREFIX='"/usr/local"' -DSYSCONFDIR='"/usr/local/etc/firejail"' -DLIBDIR='"/usr/local/lib"' -DHAVE_X11 -DHAVE_PRIVATE_HOME -DHAVE_OVERLAYFS -DHAVE_SECCOMP -DHAVE_GLOBALCFG -DHAVE_SECCOMP_H -DHAVE_CHROOT -DHAVE_NETWORK -DHAVE_USERNS -DHAVE_BIND -DHAVE_FILE_TRANSFER -DHAVE_WHITELIST -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security -c fs_lib.c -o fs_lib.o
    fs_lib.c: In function ‘copy_libs_for_lib’:
    fs_lib.c:133:2: error: ‘for’ loop initial declarations are only allowed in C99 mode
    for (int i = 0; lib_paths[i]; i++) {
    fs_lib.c:133:2: note: use option -std=c99 or -std=gnu99 to compile your code
    make[1]: *** [fs_lib.o] Error 1
    make[1]: Leaving directory `/home/tom/Downloads/firejail/src/firejail'
    make: *** [src/firejail] Error 2

    I then tried downloading the firejail-0.9.48.tar.xz and the firejail-0.9.48.tar.xz.asc but if I run:

    ‘sha256sum firejail-0.9.48.tar.xz’ and ‘sha256sum sha256sum firejail-0.9.48.tar.xz.asc’ I get different values, should these match?



    1. netblue30 Post author

      Thank you for reporting the compile problem. I put a fix on github.

      firejail-0.9.48.tar.xz.asc is created by running “gpg --detach-sign --armor firejail-0.9.48.tar.xz”. It is a detached gpg signature used by Debian project people. I don’t know if the checksums should match the way you described.

      The file you want to look at is firejail-0.9.48.asc – download from sourceforge from the same place with the other archives. Inside you’ll find sha256sums for all archives.


  10. Kevin

    Thanks for confirming both points. The checksums were correct when I checked the right file 🙂

    I have installed the debian package 0.9.48 but if I run firejail --version it still shows even though the package shows as installed. Any ideas?


  11. Jonathan

    There seems to be some residual pulseaudio issues in firejail 0.9.48. I’ve also tried a current git snapshot and this seems to suffer from the same problem. I am running firejail 0.9.48 on Slackware64 14.2 with firefox 54.0.1. Pulseaudio is version 9.0.

    Firejail is started using

    firejail --private-home=.mozilla-fjfirefox \
    firefox --no-remote --profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    The .mozilla-fjfirefox/ directory contains a special firefox setup for use in the sandbox. This works well generally speaking. The only problem is with sound. Firefox displays the info bar saying that pulseaudio might need to be installed. The only other clue that something’s wrong is

    fork(): Operation not permitted

    which is displayed in the window used to run firejail.

    After considerable trial and error I was able to get audio to run in the sandbox using the following steps:
    * Disable private-tmp in the firefox.profile file.
    * Arrange to have pulseaudio running.
    * Start a shell rather than firefox when firejail was run.
    * Copy the content of .config/pulse/ into the sandbox.
    * Run the firefox command in the sandbox.
    Audio then worked fine from the sandboxed firefox.

    As a further experiment, I commented out the pulseaudio_init() call in src/firejail/sandbox.c and tested the resulting firejail using

    firejail --private-home=.mozilla-fjfirefox,config \
    firefox --no-remote --profile .mozilla-fjfirefox/firefox/yfdahcj1.default

    I confirmed that the .config/pulse/ directory contents were copied correctly. When firefox started

    shm_open() failed: No such file or directory

    was shown in the window used to run firejail. Creating .config/pulse/client.conf with the “enable-shm = no” setting in the sandbox is sufficient to make things work again.

    Is there any chance that pulseaudio can be made to work when “--private-home” is in use? The most obvious approach is to copy the user’s .config/pulse/ contents to the sandbox’s .config/pulse/ directory prior to adding the custom client.conf file (all in pulseaudio_init()). There is also the need to ensure /tmp is not private, although it might be sufficient to only make the pulse-* directories visible. However, this might not be the best approach, especially since it still relies on pulseaudio being started outside of the sandbox.

    While I can obviously get audio working, it is a little inconvenient. Including .config in the “--private-home” sorts the copying out, but still relies on a code hack. Besides, it’s not particularly efficient to copy the entire .config/ tree into the sandbox, and in any case doing so results in a fair amount of potential information leakage.


    1. netblue30 Post author

      > Is there any chance that pulseaudio can be made to work when “--private-home” is in use?

      You got it wrong, --private-home is something different. What you need to use is --private. From man page:

                    Use directory as user home.
                    $ firejail --private=/home/netblue/firefox-home firefox

      In the new home directory create a .config/pulse directory. In this directory you copy a pulseaudio client.conf file with an “enable-shm = no” line. That’s all there is to it.


      1. Jonathan

        Thanks for the suggestion. I can’t see how the use of “--private” results in anything that’s practically different in this situation. The only difference I see is that with “--private” the content of the private home directory must be collected into a dedicated directory whereas with “--private-home” the listed directories are taken to be the content of the private home directory. Either way, the result should be the same.

        In any case, I did as you suggested: created a new directory (~/fjtest/), put the pre-configured firefox profile in that, created ~/fjtest/.config/pulse/client.conf with “enable-shm = no”, and ran firejail with the “--private=~/fjtest” option. The behaviour of firefox was the same as I had seen before: as soon as firefox went to play audio the “fork(): Operation not permitted” message was shown in the console and firefox displayed the message about needing to install pulseaudio.

        It seems that firefox believes pulseaudio is not already running (which is true sometimes), tries to start it (presumably via fork()) and fails because fork() returns EPERM. Curiously though this happens even if pulseaudio is already running due to it being started by some other program.


  12. Raul

    Similar for Firetools:

    $ sudo dpkg -i firejail_X.Y_1_amd64.deb
    $ sudo dpkg -i firejail_X.Y_1_i386.deb

    isn’t it supposed to be firetools file???

    dpkg: error processing archive firejail_X.Y_1_amd64.deb (--install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    So I tried the following…

    sudo dpkg -i firetools_X.Y_1_amd64.deb
    dpkg: error processing archive firetools_X.Y_1_amd64.deb (--install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    However firejail was accessible via Mint’s software manager, but not firetools.


  13. Raul

    Ok so the spelling appears to be corrected, however I got an error…

    $ sudo dpkg -i firetools_X.Y_1_amd64.deb

    dpkg: error processing archive firetools_X.Y_1_amd64.deb (--install):
    cannot access archive: No such file or directory
    Errors were encountered while processing:

    $ lsb_release -a
    LSB Version: core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
    Distributor ID: LinuxMint
    Description: Linux Mint 18.1 Serena
    Release: 18.1
    Codename: serena


  14. Matthew

    I apologize for this post, but I am afraid I am giving up on this. With failed dependencies (,, and many others), I can’t find what is needed on the internet. With little Linux experience under my belt, combined with the lack of user friendliness of this installation procedure, I’m throwing in the towel.


      1. Matthew

        Netblue, first of all a second apology is in order. The work done for FireJail / FireTools is outstanding. Cheers to all those who put in their expertise in creating the much-needed functionality. My earlier words of user unfriendliness were a bit harsh and if you permit me, I’d like to wipe the egg off my face. That being said :), I eventually found that the 32-bit Fedora I was using combined with the rpm package I thought would work wasn’t getting along. So, I installed the 64-bit Fedora 26 OS and the FireJail/Firetools installation was all handled through the gui, and not Terminal. Smooth as butter. Background: As a Windows user, and realizing the profound benefits of Linux, I just started using a VMware virtual machine linked to a Fedora v26 (now 64-bit OS) ISO file. It is taking a little while getting up to speed with the new syntax, but I’ll get there. So…we’re good to go. I appreciate you getting back to me. Cheers to you and again, thank you for all the hard work.


  15. Pingback: SandBoxing Programs in Linux | IT Meets.Guru | Cyber Security Conferences, Gaming, Workshop, Seminars

  16. miphix

    Main point of interest for me, is the overhead generated by using firejail as
    a login shell, using the firejail-login method defined in the man pages so
    kindly made available. My question is this, do all users with the firejail
    login, use the same namespace, or unique to their own username? or, per shell?
    Also, is there a supported method of pooling together any one user, or shell
    wholesale into one namespace? ‘--chroot’?

    Thank you in advance, you are my hero for giving us this tool


  17. spacedream

    Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux

    installed firejail, reboot, then under user, using xfce4-terminal:

    $ firejail firefox
    Warning: cannot switch euid to root
    Warning: cannot switch egid to root
    Warning: cannot switch euid to root
    Warning: cannot switch egid to root
    Warning: cannot switch euid to root
    Warning: cannot switch egid to root
    same for run any program from xfce4-terminal.
    how to fix that behavior? thanx!


  18. GNUser


    I have made a fresh install of firejail 0.9.54 in Trisquel 8 (based off Ubuntu 16.04) and everything is working fine, except the start-tor-browser profile breaks sound in Tor Browser. Even after running firecfg --fix-sound I get “To play audio, you may need to install the required PulseAudio software.” However when I run TBB without the use of firejail, I get sound playing all right. Also, all other apps (inside firejail) have sound. Abrowser, VLC, etc, all have sound within firejail. I have tried commenting some lines but it keeps doing the same thing. Any ideas??




    1. netblue30 Post author

      > start-tor-browser profile breaks sound in Tor Browser.

      Do you have PulseAudio installed? A few months back Firefox dropped the support for ALSA. Abrowser and VLC pick up ALSA or PulseAudio, whatever is available, but Firefox really needs PulseAudio.


      1. GNUser

        Sorry, only noticed this reply of yours now.
        Well, I thought I had pulseaudio installed and when I run “sudo apt-get install pulseaudio” it gives me “pulseaudio is already the newest version (1:8.0-0ubuntu3.10)”
        HOWEVER, the Add/Remove Applications program in ubuntu (I am running Trisquel, which uses the same add/remove as ubuntu) shows that some stuff related to pulse is unchecked / not installed. I could try installing those, but I am afraid there will be issues of having alsa tools and pulseaudio tools together…
        Also, I don’t understand why within Firejail I would get no sound and when I run Tor Browser without Firejail it gets perfect sound. Shouldn’t it always require the same stuff??


  19. GNUser

    Hey there,

    I just noticed that “sudo firecfg” doesn’t create the symlink for engrampa. I have tried --fix, clean, and firecfg again too and it did no good. I am using version 0.9.54
    Any ideas?



    1. netblue30 Post author

      This is a bug, thanks! I put a fix on github for the next version. We have a list of the programs handled by firecfg in /usr/lib/firejail/firecfg.config. engrampa needs to be added to the list. To fix it locally on your computer, open the list in a text editor

      $ sudo /usr/bin/gedit /usr/lib/firejail/firecfg.config

      and add engrampa to the list, something like this:


      1. GNUser

        Thank you!
        I will try that out, even though I don’t really mind waiting for a new release 🙂
        I am slightly more worried about the sound issue with Tor Browser. I have been running it without Firejail, which is not my favorite way to do it anymore. Love the added security 😉
        I don’t understand why firecfg --fix-sound doesn’t work.
        Thank you again for the great work.


  20. Pingback: Firejail Tutorial – eirenicon llc

  21. GNUser

    Hey there,

    I think the reason for not getting sound in Tor Browser is related to user privileges. I noticed someone having issues (without firejail) with getting pulse to have access to his own home directory and it was preventing him from having sound in firefox. Given the fact that firejail restricts access to some folders I would say it should be related.
    Hope this helps.



  22. Spooky

    I was using a firejailed Tor when Tor autoupdated to version 8. When I restarted Tor the tab that loads at startup crashes with an error message of “Gah. Your tab just crashed”. Any new tabs crash as well and it is impossible to load any pages. If I start Tor without being firejailed it loads correctly. I’m running .9.54_1 of firejail.


  23. GNUser


    I installed the latest release of firejail, 0.9.56 but it still gives no sound in Tor Browser.
    Abrowser works fine within Firejail, get sound. Tor Browser doesn’t. Noticed that it doesn’t even appear inside the sound manager tab “Applications”. No idea why..
    Anyone else running into the same issue?


  24. MMM

    Apologies – I don’t want to be misleading with my previous post. The x.y.z.tar.xz.asc verifies the x.y.z.tar.xz (the .xz compressed .tar archive). However I cannot get the x.y.z.asc (or the x.y.z.tar.xz.asc for that matter) to verify the x.y.z.deb package (have imported the pgp public key block as .gpg file & then I tried extracting the pgp signature portion of the x.y.z.asc file & saving it as x.y.z.asc & also x.y.z.sig & attempting to verify them against the x.y.z.deb package which resulted:
    gpg: BAD signature……
    I also extracted the control archive from the .deb package & then tried to verify that, which was unsuccessful.


  25. Steve

    There is a warning when running firejail

    $ sudo firejail --net=eth0 firefox

    I get this:

    Warning: an existing sandbox was detected. /usr/bin/firefox will run without any additional sandboxing features

    Fc29 is default install and I believe uses SeLinux.
    Is this warning message about SeLinux?
    Is this an issue I can resolve?

    Installed Packages
    Name : firejail
    Version : 0.9.56
    Release : 6.fc29
    Architecture : x86_64
    Size : 1.4 M
    Source : firejail-0.9.56-6.fc29.src.rpm



  26. Pingback: ⭐ Cómo mejorar la seguridad de su sistema Linux con Firejail | Guias y Tutoriales

  27. Pingback: Firejail from the default repos doesn’t work – Mags Forum Technology

  28. Josh

    Is there a way to only firecfg specific programs? I want to firecfg qBittorrent and VLC, but not Chrome as that would mean qBittorrent is opened in the Chrome jail.

    Is this doable?


    1. netblue30 Post author

      I usually do this for Firefox/TransmissionQt combination. I have both of them running, and I drag&drop the torrent link or the magnet from Firefox into Transmission, like in this video:

      Just clicking in the browser will open the bittorrent app in the same sandbox as the browser.


  29. Josh

    There’s a typo in this sentence
    “It is also missing form the binary packages we distribute on this site”
    “form” should say “from”


  30. baba

    When I installed it through the command,
    sudo rpm -i firejail-0.9.62-1.x86_64.rpm
    Shows error
    is not in the sudoers file. This incident will be reported.
    How can it be fixed?


  31. Pingback: Firejail – Kompjuteri

  32. Pingback: ▷ Cum Să îmbunătățiți Securitatea Sistemului Dvs. Linux Cu Firejail | Routech

  33. Pingback: Firejail duyuruldu | get GNU

  34. Pingback: Firejail duyuruldu | get GNU

  35. Pingback: Firejail 0.9.66 duyuruldu | get GNU

  36. Pingback: Cách cải thiện tính bảo mật của hệ thống Linux của bạn với Firejail – Tech Blog

  37. Bobby S.

    I just recently upgraded to Ubuntu 21.10 and now I get a message when I try to launch FireTools: “Cannot run Firejail sandbox, you may not have the correct permissions to access this program.”

    In addition, in the terminal, I get this:
    $ firejail --list
    Error PR_CAPBSET_DROP: caps.c:323 caps_drop_all: Operation not permitted
    Error: failed to run /usr/bin/firemon


  38. RCD

    Though the instructions are simple, I (non-techie but capable) can’t figure out how to use FireJail.

    “After install, run sudo firecfg in a terminal. The command integrates Firejail into your desktop. You will be able to start your sandboxed applications by:

    clicking on the app icon in your window manager menus
    clicking on a file in the file manager will automatically sandbox the application opening the file
    no need to prefix your application with firejail when starting in command line”

    I don’t see the icon in any of my menus. When I super key look for the program, nothing comes up. Seemed like a totally successful install (including apparmor). What am I missing?


