Firejail is a SUID security sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, and mount table.
Firejail can sandbox any type of process: servers, graphical applications, and even user login sessions. Written in C with virtually no dependencies, it should work on any Linux computer with a 3.x kernel version.
- Source code archive.
- 64-bit DEB package for Debian, Ubuntu, Linux Mint.
- 64-bit RPM package for Fedora, openSUSE, CentOS 7, RHEL 7.
- Arch Linux package in AUR.
- Slackware Linux package on SlackBuilds.org.
February 2015 – first release candidate for version 0.9.22.
February 2015 – version 0.9.20 released. This release fixes a number of bugs reported by users, and brings in several new features: Linux control group support, CPU affinity, Opera web browser and VLC media player support, and monitoring enhancements. A description of the new features is provided in our Release Announcement.
December 2014 – version 0.9.18 released. This release brings in support for transmission-gtk and transmission-qt BitTorrent clients, support for tracing system, setuid, setgid, setfsuid, setfsgid, setreuid, setregid, setresuid, setresgid system calls, and a number of bugfixes.
November 2014 – version 0.9.16 released. It includes a number of bugfixes, support for configurable private home directories, configurable user shell, and Dropbox support. Note: Linux capabilities and seccomp filters are enabled by default for Firefox, Midori, Evince and Dropbox. If you run into problems, please let us know!
October 2014 – version 0.9.14 released. This release brings in support for user-defined seccomp blacklists, tracing filesystem and network accesses, bind mounts, process resource limits, monitoring ARP tables, route tables and interfaces, and a number of smaller features and bugfixes.
- Building Custom Profiles
- Firejail – A Security Sandbox for Mozilla Firefox
- Firejail – A Security Sandbox for Mozilla Firefox, Part 2
- Running Dropbox in Firejail Sandbox
- Debian/Ubuntu Cross-distro Gaming with Firejail
- How to Restrict a Login Shell Using Linux Namespaces
- Securing a Web Server Using a Linux Namespaces Sandbox
- How To Use Firejail to Set Up a WordPress Installation in a Jailed Environment (digitalocean.com)
- Firejail featured on Linux Action Show (LAS 333, at 0:10:15)
Please use the comment section on any page on this blog, or sourceforge.net/projects/firejail/support. All contributions are welcome: ideas, patches, documentation, bug reports, complaints.