Firejail is a SUID security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. Written in C with virtually no dependencies, it should work on any Linux computer with a 3.x kernel version. Debian, Ubuntu, Mint, OpenSUSE, CentOS 7 and Fedora packages are provided. An Arch Linux package is maintained in AUR.
October 2014 – version 0.9.14 released. This release brings in support for user-defined seccomp blacklists, tracing filesystem and network accesses, bind mounts, process resource limits, monitoring ARP tables, route tables and interfaces, and a number of smaller features and bugfixes.
September 2014 – version 0.9.12.2 released. This release brings in more pulseaudio fixes.
September 2014 – version 0.9.12.1 released. This release includes a number of fixes for pulseaudio running inside the sandbox. Also, –overlay option was temporarily disabled awaiting new development and fixes.
September 2014 – version 0.9.12 released. The new release brings in support for Linux capabilities, Cent0S 7 and a number of bugfixes.
- Firejail – A Security Sandbox for Mozilla Firefox
- How to Restrict a Login Shell Using Linux Namespaces
- Securing a Web Server Using a Linux Namespaces Sandbox
- How To Use Firejail to Set Up a WordPress Installation in a Jailed Environment (digitalocean.com)
- Firejail featured on Linux Action Show (LAS 333, at 0:10:15)
Please use the comment section on this page, or sourceforge.net/projects/firejail/support.