robotchaos
Just wanted to see what you guys think of firejail. Anyone tried it?

https://firejail.wordpress.com/

I started playing with it yesterday and I have to say, I am certainly impressed. The default profile when loading `firejail st` protects most of the stuff I was concerned about. I used st to load a shell as an example to see what I could access. It denied access to /boot, /sbin, sudo explicitly, .password-store, .gnupg, .ssh, sets ~/bin to read-only, and most of your config files get set to read-only as well. Like I said, running a shell in this firejail was only a test. I actually only run firefox, ssh ( client ), nodejs, nginx, surf, libreoffice, pidgin, and evolution in a firejail.

I was looking for something to protect my sensitive files from internet-facing applications, such as surf and firefox. So if something happened, it couldn't run away with my data. firejail seems to fit this bill rather nicely.

In fact, with the --private=dir switch, you can run the program in its own private home directory if you wanted to go that far.


Messages In This Thread
firejail - by robotchaos - 02-09-2016, 02:08 PM
RE: firejail - by venam - 02-09-2016, 02:32 PM
RE: firejail - by robotchaos - 13-09-2016, 06:43 PM
RE: firejail - by robotchaos - 11-10-2016, 03:05 PM
RE: firejail - by josuah - 17-10-2016, 05:06 PM
RE: firejail - by oldnix - 03-02-2017, 10:05 AM



Members  |  Stats  |  Night Mode