We are happy to announce the release of Firejail version 0.9.26. Firejail is a generic Linux namespaces security sandbox, capable of running graphic interface programs as well as server programs. This release fixes a number of bugs reported by users, new default profiles, and brings in the following new features:
Private /dev directory
Command line option –private-dev mounts a new /dev directory and populates it with the following device files: null, full, zero, tty, pts, ptmx, random, urandom and shm. The option is targeted to programs that are not supposed to use sound or video camera devices.
Private home whitelisting
The format for this command is as follows:
The command mounts an empty tmpfs on top of /home/user directory, and copies all the files and directories in the list in the new filesystem. The list elements are separated by comma ‘,’. All modifications are discarded when the sandbox is closed. The original files are not modified.
$ firejail --private.keep=.mozilla,Downloads firefox
Command –noroot attaches a new user namespace to the sandbox. The namespace has a single user defined, the current user. There is no root user available. Programs requiring root privileges will not be able to run:
User namespaces have been introduced in Linux kernel 3.9. If the feature is not available in the kernel at runtime, Firejail will print a warning and continue setting up the sandbox.
New default profiles
For more information please visit the project page.