Firejail Reviews and details

Social recommendations and mentions

• Toolship: A (More) Secure Workstation

  Firejail can also be a useful option, though no good if you're on Mac https://firejail.wordpress.com/ Uses the same Linux primitives as docker etc, but can be a bit more ergonomic for this use case. - Source: Hacker News / 7 months ago

• Added security options?

  You can find more info on its world-press website: https://firejail.wordpress.com/. Source: 12 months ago

• Is there any way to isolate a Wine prefix from the internet, to prevent the programs inside of it from making connections?

  Try running your Wine app through something like Firejail. Source: about 1 year ago

• What is Firejail?

  Firejail is a program that helps to improve the security of your system by creating a restricted environment for running non-trusted applications. It does this using Linux namespaces, seccomp-bpf, and Linux capabilities, and is easy to use thanks to its setuid sandbox feature. Source: over 1 year ago

• X11 forwarding a web browser from a VPS

  Sorry, missed "avoid having libs on local machie". Someone mentioned chroot. That's good! Also maybe firejail. I also use x11-docker. Source: over 1 year ago

• Snaps and flatpaks of older open source games

  Sandboxing by default is great, but you can also sandbox appimages using firejail. Source: over 1 year ago

• What are some good ways to improve privacy and security on Linux?

  Firejail is a good option (though not the only one) for sandboxing applications. Source: over 1 year ago

• How to isolate Wine/Proton into a given directory.

  Maybe firejail might help? https://firejail.wordpress.com/. Source: over 1 year ago

• Show HN: Porting OpenBSD Pledge() to Linux

  I am just its (mostly happy) user. I wrote that rule on my phone so you are right, it is not complete. On the other hand raw sockets require CAP_NET_RAW capability which is often assigned to root only so running a capability-untreated binary as an unprivileged user should not allow any raw socket ops (ping often uses file capabilities or setuid root). AFAIK it requires root to load/reload profiles. And that is... - Source: Hacker News / almost 2 years ago

• Show HN: Porting OpenBSD Pledge() to Linux

  Could the CLI tool be combined with something like firejail [1] to solve the filesystem blindspot issue? [1] https://firejail.wordpress.com/. - Source: Hacker News / almost 2 years ago

• PyPI: Python packets steal AWS keys from users

  > I like Android's system of per-app uid/gid. But AFAIK it's not implemented by any mainstream Linux kernel or distro. You can create users manually for each app. For GUI apps, https://firejail.wordpress.com/. - Source: Hacker News / almost 2 years ago

• Question to PGs stance on Linux vs Mac vs Windows security

  Strong sandboxing solution such as that found in macOS, ChromeOS, and Android. Commonly used Linux sandboxing solutions such as Flatpak and Firejail still have a long way to go. Source: almost 2 years ago

• Since linux is more secure, but not 100% secure, what are programs I should install to make my system even more secure?

  Use some sandbox application like firejail. Source: about 2 years ago

• MUST HAVE Linux Programs/Commands?

  Firejail to isolate applications within the same user account. Tmux to have detachable multiple windows and multiple panes in the terminal. Jq to parse JSON. q to run SQL queries on CSV files. Yt-dlp to download videos from everywhere. Ncdu to visualize and explore disk usage. Htop to monitor processes and resources. Source: about 2 years ago

• Flatpak Firefox v95 or Firefox v97 with Firejail ?

  Or download Firefox v97 and Sandbox it myself with Firejail. I get the latest Firefox, but I hear very mixed reviews on Firejail. Anything from it's perfect and easy to use, to it froze and crashed my whole system. Source: about 2 years ago

• Game Server Setup and Reconfiguration

  For #1, I'm not great at security. I just learned that firejail exists. Can limit the environment that programs see, like not having access to your actual /home/username/. You could maybe get it to work with something like --private=/path/to/minecraft/ so it thinks only those files exist. Source: about 2 years ago

• Linux-Targeted Malware Increases by 35% in 2021

  Use firejail or other sandboxing solutions. Source: over 2 years ago

• Unable to open new private window from command line after Firefox v95

  I do use Firejail (unrelated to Firefox: https://firejail.wordpress.com/), but always have and it's never been an issue with browser instances in the past. I've confirmed there's no interference by running the non-firejailed binary directly with /bin/firefox. Source: over 2 years ago

• What's the best way to run "untrusted" binaries?

  You can use firejail to run the program. See their github. Source: over 2 years ago

• I will switch to Linux from Windows 11 after my university finals. Should I choose Debian, QubesOS or dual-boot both?

  That said: what's your threat model for privacy? If you're aiming to avoid work seeing your personal, you likely can try something like multiple accounts if it's an installed work app situation, or in a browser using something like Firefox Containers, or Firejail. Those would get you much of the isolation from non-directed "attacks" without having to send the time/energy making Qubes work for you properly. Source: over 2 years ago

• [Question] Is the Rust Compiler safe?

  Crosvm mentions minijail, which is a sandboxing tool that can sandbox individual processes in a machine. Other tools in that space are firejail and bubblewrap. Source: over 2 years ago