Jump to content
Not connected, Your IP: 18.217.4.250
AirVPN
snaggle

Firejail - sandbox your Linux apps

By snaggle, ... in Off-Topic

Recommended Posts

snaggle    25

snaggle
Posted ...

Hi there,

I have been using Firejail for a while now and think it's pretty awesome.

https://l3net.wordpress.com/projects/firejail/

I can sandbox my browsers, mail clients, torrent clients pretty much any web facing app.

I have just been poking around in the man pages and found...

 firejail --dns=8.8.8.8 --dns=8.8.4.4 firefox

This command will run Firefox sandboxed and only allow the designated DNS.

Obviously  Googles DNS is just an example.

 

For those who haven't seen this app it's definitely worth taking some time to check it out.

 

 

 

encrypted and InactiveUser reacted to this

Share this post

Link to post

InactiveUser    188

InactiveUser
Posted ...

Yes it is a great tool, been using it myself too. Although AppArmor/SELinux can do all of that (and more) and are more tightly integrated/preinstalled in many Linux distros, I find firejail to be much easier to configure.

 

Any firejail user should definitely spend some time to fully understand how to use the profiles in /etc/profile/firejail and how to customize them. Perhaps one of the most useful features: limit filesystem access.

Remember the recent Firefox PDF exploit that allowed malicious websites to read and upload arbitrary files from your computer?

Firejail could have protected your documents:

 

blacklist ${HOME}/Documents

 

You still want Firefox to access your nested "Screenshots" folder?
 

noblacklist ${HOME}/Documents/Screenshots

 

It's that easy!

snaggle reacted to this

all of my content is released under CC-BY-SA 2.0

Share this post

Link to post

zhang888    1066

zhang888
Posted ...

Is there a way to use this for skype?

 

Yes, using AppArmor for example.

But note that Skype is not under the same threat as a Browser - it does not get fed by hundreds of scripts, plugins and parsing libraries like Firefox.

Skype essentially needs (I assume) access to hardware components like Webcam, Microphone and so on, and will probably not function properly without it.

 

I think you should look for an alternative software if you can, many people leave Skype because of horrible mobile support, bloat, and the deal with Microsoft.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

guppy    10

guppy
Posted ...

How much cpu overhead is this using?

 

Could be a nice way to keep two instances of steam running for inhome streaming ( wine & native )

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...