In this tutorial, you will learn how to install and configure Firejail on Linux systems.
What is Firejail?
Firejail is a SUID program that reduces the risk of security breaches by restricting the execution environment of untrusted applications using Linux namespaces and seccomp-bpf.
With Firejail, a specific process and all its descendants get their own private view of the globally shared kernel resources, such as the network stack, the process table, the mount table and many more.
Firejail is written in C with virtually no dependencies, and it works on any Linux computer running a 3.x or newer kernel.
The Firejail program is published under the GPL v2 license.
Firejail can sandbox any type of process: servers, graphical applications and even user login sessions.
The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission and many more.
Install Firejail on Linux
To install Firejail, we will use one of the following commands, depending on the distribution's package manager:
sudo apt install firejail
sudo apt-get install firejail
sudo pacman -S firejail
For Fedora, we first need to enable a repository and then install the package, so we will execute the following commands:
sudo dnf copr enable ssabchew/firejail
sudo dnf install firejail
How To Use Firejail in Linux
Once Firejail is installed, using it is simple.
It is enough to put the term firejail before the application's command, for example:
firejail firefox: Open Mozilla Firefox
firejail transmission-gtk: Open Transmission BitTorrent
firejail vlc: Open VideoLAN
sudo firejail /etc/init.d/nginx start: Start the Nginx web server
Create Whitelist and Blacklist Profiles with Firejail
With Firejail we can create profiles that define what an application is or is not allowed to access.
By default Firejail ships with many profiles already configured, but if we want to edit these whitelist and blacklist profiles we will go to the /etc/firejail directory.
Once in the directory, we will execute the ls command to see the content:
ls | more
There we will see the profile files that Firejail has already configured. To edit a specific profile, for example the one for Mozilla Firefox, we will execute the following:
sudo nano /etc/firejail/firefox.profile
We can see that although the application is sandboxed, or jailed, it still has access to the ~/Downloads directory and the system's add-on directories.
There we can add new whitelist or blacklist entries by entering lines such as the following:
whitelist ~/(directory)
blacklist ~/(directory)
Once these changes are defined, we can save the file with Ctrl + O.
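As an alternative to hand-editing, the following added example (not part of the original tutorial or of the Firejail project) appends whitelist and blacklist rules to a profile file only once, rejects malformed entries, and lists paths that ended up under both directives. The function names and the ~/-only path policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: keep whitelist/blacklist rules in a Firejail profile file tidy.
# Assumes the "whitelist ~/dir" / "blacklist ~/dir" rule form shown above.

# profile_rules FILE: print active whitelist/blacklist lines, comments removed.
profile_rules() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^(whitelist|blacklist)[[:space:]]+' || true
}

# add_rule FILE DIRECTIVE PATH: append a rule once; refuse anything unexpected.
add_rule() {
    file=$1 directive=$2 target=$3
    case $directive in
        whitelist|blacklist) ;;
        *) echo "add_rule: unknown directive '$directive'" >&2; return 2 ;;
    esac
    # Policy of this example (not a Firejail limit): home-relative paths only,
    # and no ".." sequences, so a typo cannot expose or hide an unintended tree.
    case $target in
        *..*) echo "add_rule: '..' not allowed in '$target'" >&2; return 2 ;;
        "~/"?*) ;;
        *) echo "add_rule: path must start with ~/" >&2; return 2 ;;
    esac
    rule="$directive $target"
    # Idempotent: skip if the exact rule is already active in the file.
    if [ -f "$file" ] && profile_rules "$file" | grep -Fxq -- "$rule"; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$file"
}

# conflicts FILE: paths listed under both directives, which need a decision.
conflicts() {
    profile_rules "$1" | awk '
        { d = $1; $1 = ""; seen[$0] = seen[$0] d " " }
        END { for (p in seen)
                  if (seen[p] ~ /whitelist/ && seen[p] ~ /blacklist/)
                      print substr(p, 2) }'
}
```

Pointing these functions at a per-user file such as ~/.config/firejail/firefox.local (assuming the installed Firejail version's stock profile includes it) keeps local changes separate from the packaged profiles in /etc/firejail.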
This simplicity makes Firejail a great alternative for opening applications safely in Linux.