Firejail is a SUID security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. Written in C with virtually no dependencies, it should work on any Linux computer with a 3.x kernel version.
|Source Code Archive.|
|64-bit DEB Package for Debian, Ubuntu, Linux Mint.|
|64-bit RPM Package for Fedora, openSUSE, Centos 7, RHEL 7.|
|Arch Linux package in AUR.|
November 2014 – version 0.9.16 released. It includes a number of bugfixes, support for configurable private home directories, configurable user shell, and Dropbox support. Note: Linux capabilities and seccomp filters are enabled by default for Firefox, Mirodi, Evince and Dropbox. If you run into problems, please let us know!
October 2014 – version 0.9.14 released. This release brings in support for user-defined seccomp blacklists, tracing filesystem and network accesses, bind mounts, process resource limits, monitoring ARP tables, route tables and interfaces, and a number of smaller features and bugfixes.
- Firejail – A Security Sandbox for Mozilla Firefox
- Running Dropbox in Firejail Sandbox
- Debian/Ubuntu Cross-distro Gaming with Firejail
- How to Restrict a Login Shell Using Linux Namespaces
- Securing a Web Server Using a Linux Namespaces Sandbox
- How To Use Firejail to Set Up a WordPress Installation in a Jailed Environment (digitalocean.com)
- Firejail featured on Linux Action Show (LAS 333, at 0:10:15)
Please use the comment section on any page on this blog, or sourceforge.net/projects/firejail/support. All contributions are welcome: ideas, patches, documentation, bug reports, complaints.