Quick update: been loving what I can do with firejail so far. Can disable all networking except loopback. It doesn't seem possible to keep it from accessing lo. But for things I know and should not have net, you can remove it from its stack. You can also restrict which binaries a program then has access to. For example, pidgin by default only has access to one binary, the pidgin binary. Clicking on a link results in an error of 'unable to find xdg-open'.

Modifying profiles to suit your needs is easy enough. I then modified the pidgin profile to allow for xdg-open but it doesn't seem to open it in the running firefox instance that is also currently in its own firejail. So I see there is an option to name the namespace the firejail is running as, and that option I believe will give pidgin access to open links in that firefox. More to follow.

Messages In This Thread
firejail - by robotchaos - 02-09-2016, 02:08 PM
RE: firejail - by venam - 02-09-2016, 02:32 PM
RE: firejail - by robotchaos - 13-09-2016, 06:43 PM
RE: firejail - by robotchaos - 11-10-2016, 03:05 PM
RE: firejail - by josuah - 17-10-2016, 05:06 PM
RE: firejail - by oldnix - 03-02-2017, 10:05 AM

Members  |  Stats  |  Night Mode