Firejail 0.9.10 Release Announcement

We are happy to announce the release of Firejail version 0.9.10. Firejail is a generic Linux namespaces security sandbox, capable of running graphical interface programs as well as server programs. The new release brings in several sandbox management capabilities and a number of bugfixes:

--list vs. --tree

The command line option --list was renamed --tree. The new functionality for the two options is as follows:

  • The --list option lists the PIDs of all running sandboxes
  • The --tree option prints the process tree for all sandboxes

Example:

netblue@debian:~$ firejail --list
3351:netblue:firejail --seccomp iceweasel 
24298:netblue:firejail chromium 

netblue@debian:~$ firejail --tree
3351:netblue:firejail --seccomp iceweasel 
  3352:netblue:iceweasel 
    24408:netblue:/usr/lib/iceweasel/xulrunner/plugin-container /usr/lib/flashp
24298:netblue:firejail chromium 
  24299:netblue:/usr/lib/chromium/chromium --password-store=detect 
    24302:netblue:/usr/lib/chromium/chromium --password-store=detect --type=san
    24303:netblue:/usr/lib/chromium/chrome-sandbox /usr/lib/chromium/chromium -
      24304:netblue:/usr/lib/chromium/chromium --type=zygote 
        24308:netblue:/usr/lib/chromium/chromium --type=zygote 
          24346:netblue:/usr/lib/chromium/chromium --type=renderer --lang=en-US
    24329:netblue:/usr/lib/chromium/chromium --type=gpu-process --channel=1.0.7
netblue@debian:~$ 

--shutdown
Use the --shutdown option to shut down an active sandbox. Use the sandbox PID as printed by the --list option. Example:

netblue@debian:~$ firejail --list
24764:netblue:firejail chromium --name=browser 

netblue@debian:~$ firejail --shutdown=24764
Switching to pid 24765, the first child process inside the sandbox
Sending SIGTERM to 24765
netblue@debian:~$

You can also use the name of the sandbox to shut it down. Example:

netblue@debian:~$ firejail --list
24764:netblue:firejail chromium --name=browser 

netblue@debian:~$ firejail --shutdown=browser
Switching to pid 24765, the first child process inside the sandbox
Sending SIGTERM to 24765
netblue@debian:~$

--join
Use the --join option to join the namespaces of an active sandbox. Use the sandbox PID as printed by the --list option. Example:

netblue@debian:~$ firejail --list
24974:netblue:firejail chromium --name=browser 

netblue@debian:~$ firejail --join=24974
Switching to pid 24975, the first child process inside the sandbox
[netblue@debian ~]$ 

Similar to --shutdown, you can also use a name to join the sandbox:

netblue@debian:~$ firejail --list
24974:netblue:firejail chromium --name=browser 

netblue@debian:~$ firejail --join=browser
Switching to pid 24975, the first child process inside the sandbox
[netblue@debian ~]$ 

Disable kernel memory information

The /proc/kcore and /proc/kallsyms files are redirected to /dev/null inside the sandbox. A temporary filesystem is also mounted on /boot, effectively hiding all the kernel files in that directory. The /dev/port device file is redirected to /dev/null as well.
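
The following check is an added example, not part of Firejail or of the original announcement. Run inside a sandbox (for instance from the shell opened by --join), it confirms the three /dev/null redirects and the tmpfs on /boot. It assumes the redirect is a bind mount of /dev/null over each path; the function names and the "audit" argument are hypothetical.

```shell
#!/bin/sh
# Added example (not Firejail code): audit the kernel-information hiding.

# True when $1 is the same file as /dev/null.
# Assumption: the redirect is a bind mount of /dev/null over the path.
is_nulled() {
    [ -e "$1" ] && [ "$1" -ef /dev/null ]
}

# Print the filesystem type of the topmost mount at mount point $1.
# $2 is the mounts table to read (default: /proc/self/mounts).
mount_fstype() {
    awk -v mp="$1" '$2 == mp { t = $3 } END { if (t != "") print t }' \
        "${2:-/proc/self/mounts}"
}

# Print one line per item; return non-zero if anything is still visible.
audit_sandbox() {
    rc=0
    for f in /proc/kcore /proc/kallsyms /dev/port; do
        if [ ! -e "$f" ]; then
            echo "ABSENT  $f"
        elif is_nulled "$f"; then
            echo "HIDDEN  $f is /dev/null"
        else
            echo "VISIBLE $f"
            rc=1
        fi
    done
    if [ "$(mount_fstype /boot)" = "tmpfs" ]; then
        echo "HIDDEN  /boot is a tmpfs"
    else
        echo "VISIBLE /boot (fstype: $(mount_fstype /boot))"
        rc=1
    fi
    return "$rc"
}

# Usage: sh check.sh audit   (with no argument the functions are only defined)
if [ "${1:-}" = "audit" ]; then
    audit_sandbox
fi
```

Running the same script on the host gives the baseline to compare against: there, /proc/kallsyms and /dev/port are reported as VISIBLE.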

Google Chromium support

This version brings in support for Google Chromium browser. Chromium profile files are installed in /etc/firejail. Start your browser as firejail chromium or firejail chromium-browser.

About

For more information please visit the project website.

Download: sourceforge.net/projects/firejail/files/
