Getting Started With Firejail On Linux

Getting Started With Firejail On Linux

Feb 23, 2021

(If you get something out of this, thanks for Sharing this post. Next Up: Learn to use Firejail to protect your privacy. I share a new (unlisted) tip and considerations, exclusively found Here.)

THIS TUTORIAL: What sandboxing is, basic gist of how Firejail works, and we use Firefox for our example.


Sandboxing offers the ability to run applications inside a more restricted access environment. This can serve as a (much) lower resource substitute for virtual machines. Very useful for protecting important files from application access (ie: exploitation).


BENEFITS: By restricting an application's access to sensitive areas of the system, we prevent exploitation and access to sensitive files that otherwise may reveal personally identifying information: such as in this example I demo in "Firejail For Privacy" tutorial).

We use a Pine64 Pinetab for our example device, but this guide is for
any Linux system!

INSTALL FIREJAIL

Firejail includes many default Linux application rules. This makes getting started very easy.

Many Linux systems come with Firejail preinstalled. If you don't have a 'firejail' command, see below for easy, one-liner installation options (or search 'firejail' in your graphical Software/Package Manager).


Arch or Manjaro Based Install

sudo pacman -S firejail

Debian Based Install (Debian, Mint, Ubuntu, Parrot)

apt update && apt install firejail -y


INTRODUCTION

Many people assume (wrongly) sandboxing is overly complicated.

This couldn't be further from the truth!

A freshly installed firejail comes readily configured (for most applications).
Meaning: there's no work needed, just run it and reap the benefits of sandboxing!

firejail CommandORappNameHere

The above single command runs the named application inside a protective sandbox. That's it. Nothing to it! :)

(for more basic demonstration/commands, watch the below video)

For Pinephone users, This tutorial is a great way to begin your "securing it" journey (this guide is designed for all Linux users, any hardware/OS)

In today's video we cover basic commands and optional configuration to customize the security of your applications.

We finish the video editing the web browser shortcut to ensure our web browser runs inside a protective sandbox each time we double click on our web browser.

https://youtu.be/7Q57Nj6Az3U


FIREJAIL USAGE


RUNNING APPLICATION INSIDE A SANDBOX

firejail CommandNameGoesHere


WHITELISTING (ALLOW APPLICATION ACCESS TO SPECIFIC LOCATIONS)

Adding a program or directory to an application's access whitelist is as easy as adding a single line to the application's /etc/firejail/ApplicationNameHere.profile file!

Add The Whitelist Line Inside Your /etc/firejail/AppNameHere.profile File:

whitelist /directory/location/directoryORfileToWhitelist
[adds location to whitelist]

The next time you open the command/app as a firejail command (see above for usage), you will have it inside this protective firejail sandbox!


*WARNING*: BELOW COMMAND FIREJAILS ALL APPS! USE WITH CAUTION!

firecfg [This will setup all applications for sandboxing]


LIST CURRENTLY RUNNING SANDBOXED APPLICATIONS

firejail --list [lists the firejail sandbox applications currently running]


EXAMPLE: MAKE FIREFOX (OR TOR BROWSER) RUN INSIDE FIREJAIL SANDBOX

Edit the /usr/share/applications/firefox.desktop file (your location may vary for desktop shortcuts). (see this demo example in the above video).

Simply change the 'Exec=' line to:

Exec=/usr/bin/firefox-esr

NEXT UP: Firejail for protecting privacy video here (includes a tip I shared here first!): https://www.buymeacoffee.com/politictech/firejail-tips-howto-privacy-protection


Make sure to Like, Share and Subscribe to show your support for more content like this.

I appreciate it. :)

Support options below offer early access to exclusive content):

Sharing this content is very much appreciated.

FOLLOW:

Twitter Fosstodon

VIDEO MIRRORS:

Youtube Odysee Bitchute Peertube


SUPPORT LIST

Подобається цей допис?

Купити для 🥷 (RTP) Privacy Tech Tips 📡 кава

Більше від 🥷 (RTP) Privacy Tech Tips 📡