firejail for extra privacy and security

Scooby
Site Admin
Posts: 826
Joined: 09 Sep 2013, 16:52

Post by Scooby » 22 Mar 2016, 21:51

Firejail is a sandbox for programs on Linux.

It's working really great and it is fast too.

Download bundle here

Then you can start applications like

Code:

firejail --user=alpha icecat

or

Code:

su -c "firejail firefox" alpha

Works for tor-browser as well

Code:

su -c "firejail --profile=/etc/firejail/firejail.profile tor-browser-en" alpha

Read more about it at

https://firejail.wordpress.com/

It can be added seamlessly as desktop integration if PATH is set up to look
in /usr/local/bin before /usr/bin. The only caveat is that you have to run it as user alpha.

Try it for icecat with

Code:

> PATH="/usr/local/bin:$PATH"
> ln -s /usr/bin/firejail /usr/local/bin/icecat

> su alpha
> icecat



Running as root could also be fixed by commenting out the noroot option in /etc/firejail/firefox.profile,
but I really like that feature, which prevents an attacker from gaining root in that sandbox.

Then it would be

Code:

> PATH="/usr/local/bin:$PATH"
> ln -s /usr/bin/firejail /usr/local/bin/icecat

> sed -i 's/^noroot/#noroot/' /etc/firejail/firefox.profile 
> icecat
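
The symlink integration above only sandboxes a program when the firejail symlink is the first match on PATH. The following check is an added example, not part of the original post; the function names are hypothetical and it assumes a `readlink` that supports `-f`:

```shell
# first_on_path CMD [PATH_VALUE]: print the first executable file named CMD.
first_on_path() {
    fop_old_ifs=$IFS
    IFS=:
    for fop_dir in ${2:-$PATH}; do
        IFS=$fop_old_ifs
        [ -n "$fop_dir" ] || fop_dir=.   # an empty PATH entry means the current dir
        if [ -f "$fop_dir/$1" ] && [ -x "$fop_dir/$1" ]; then
            printf '%s\n' "$fop_dir/$1"
            return 0
        fi
    done
    IFS=$fop_old_ifs
    return 1
}

# is_jailed CMD [PATH_VALUE]: succeed only if the first match for CMD is a
# symlink that resolves to a binary named firejail.
is_jailed() {
    ij_hit=$(first_on_path "$1" "${2:-$PATH}") || return 1
    ij_target=$(readlink -f "$ij_hit") || return 1
    if [ -L "$ij_hit" ] && [ "${ij_target##*/}" = firejail ]; then
        return 0
    fi
    return 1
}

# audit_jails PATH_VALUE CMD...: report each command; non-zero if any would
# start outside the sandbox with that PATH.
audit_jails() {
    aj_path=$1; shift
    aj_rc=0
    for aj_cmd in "$@"; do
        if is_jailed "$aj_cmd" "$aj_path"; then
            echo "sandboxed:   $aj_cmd -> $(first_on_path "$aj_cmd" "$aj_path")"
        else
            echo "UNSANDBOXED: $aj_cmd -> $(first_on_path "$aj_cmd" "$aj_path" || echo 'not found')"
            aj_rc=1
        fi
    done
    return "$aj_rc"
}
```

Run it as `audit_jails "$PATH" icecat firefox` from the account that launches the browser; a command reported as UNSANDBOXED means /usr/bin (or another directory) is winning over /usr/local/bin, or no symlink exists for it.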


Re: firejail for extra privacy and security

Post by Scooby » 25 Mar 2016, 23:17

I like to work in the terminal, so I wrote a handy function
to jail applications.

It comes with bash completion as well.

Example usage

Code:

> jail firefox



Put this in your .bashrc

Code:

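# Run a program inside firejail as the unprivileged user "alpha", in the background.
# "$*" joins all arguments into the single command string that su -c expects
# ("$@" would split them into separate words and break multi-argument calls).
function jail() { su -c "firejail $*" alpha & disown ;}

# List the names of all executables found in the directories on PATH.
_executables(){
    echo -n "$PATH" | xargs -d: -I{} -r -- find -L {} -maxdepth 1 -mindepth 1 -type f -executable -printf '%P\n' 2>/dev/null | sort -u
}

# Completion function: offer executable names matching the current word.
_jail()
{
    local cur executables
    cur=${COMP_WORDS[COMP_CWORD]}
    executables=$(_executables)
    COMPREPLY=( $(compgen -W "$executables" -- "$cur") )
}
complete -F _jail jail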

