Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
Questions tagged [firejail]
9 questions
6
votes
2 answers
Is it expected that firejail allows R/W outside of the sandbox without "--overlay" flag?
Just installed firejail on Ubuntu 16.04 (version 0.9.38) and according to this linux-magazine article, by default it should make R/O the entire filesystem:
The programs in the sandbox have only read access to all directories and are thus unable to…
Emanuele
- 781
4
votes
2 answers
How to create a Tor-only network interface suitable for Firejail?
The well-known but unsafe method is to use torify. It is unsafe because we ask an application to use Tor, not force it. If the application misbehaves or is being exploited by a bug, it will still allow non-Tor connections to be made to the outside…
VasyaNovikov
- 3,656
2
votes
0 answers
Firejail and chrome: limiting RAM usage
Long story short, I have a consistent memory leak coming from somewhere. I'm thinking that it's my browser. So I've tried using firejail to limit the memory as follows:
firejail --rlimit-as=8048576000 vivaldi-stable
Which limits the RAM usage (as I…
Anton
- 201
1
vote
0 answers
No internet: firejail ubuntu 20.04 --net=eno1 --dns=QQQ.RRR.SSS.TTT
This is the same case as the unanswered question "DNS not working in firejail".
ALL SENSITIVE INFORMATION WAS MODIFIED TO A SET OF THREE OR TWO LETTERS (AAA, etc. or XX)
The case is:
I have an ethernet connection on device eno1 I'll use to access company's…
theRael
- 11
1
vote
1 answer
File picker dialogs do not remember settings when Firefox is running in firejail
When Firefox is running in Firejail with the provided default config, the Gtk file picker dialogs do not remember sort order even when Firefox was not restarted between opening two dialogs.
I tried copying the firejail profile and allowing access to…
allo
- 1,248
1
vote
0 answers
How does firejail build its default blacklist?
When I start firejail, I see my complete home directory. When I start firejail --whitelist=~/something, I see only something in my home.
Now I would like to restrict more access to the system. I can for example add --blacklist=/media and it works as…
allo
- 1,248
1
vote
0 answers
DNS not working in firejail
I try to make a test ssh firejail user for testing downloaded files.
But the name lookup for my setup is not working.
/etc/passwd:
UserName:x:9999:9999:,,,:/home/UserName:/usr/bin/firejail
/etc/firejail/login.users:
UserName:--private --net=wlp3s0…
FrankStein
- 104
0
votes
1 answer
How do I create a SINGLE symbolic link for Firejail, in Ubuntu/Fedora/CentOS?
Firecfg will configure all symbolic links at once, but how do I create a single symbolic link to firejail a specific application that isn't securely preconfigured by, for example, SELinux?
Boja
- 23
- 4
0
votes
1 answer
redirect traffic from bridge to http proxy
If I create a new instance of an ethernet bridge:
# brctl addbr br1
# ip link set dev br1 up
# ip addr add 10.100.100.1/24 dev br1
Start tinyproxy listening on localhost on its default port 8888:
# tinyproxy
With firejail create a new network…
user5321531
- 151