In this brief tutorial, we will discuss what is Firejail, how to install firejail in Linux and how to improve the Linux systems security using Firejail.
Linux kernel is secure by default. But, it doesn't mean that the software on the Linux system are completely secure.
Say for example, there is a possibility that any add-ons on your web browser may cause some serious security issues. While doing financial transactions over internet, some key logger may be active in browser which you are not aware of.
Even though, we can't completely give the bullet-proof security to our Linux box, we still can add an extra pinch of security using an application called Firejail.
Firejail is a security utility which can sandbox any such application and let it to run in a controlled environment. To put this simply, Firejail is a SUID (Set owner User ID up on execution) program that reduces the risk of security breaches by restricting the running environment of untrusted applications.
Concerning about Firejail features, we can list the following:
- Easy to install
- User can set file or directory attributes.
- Customized security.
- Support network.
- Separate sandbox containers for applications.
- Easy to monitor.
- GUI provided to manage application.
1. Install Firejail in Linux
This security application is easy to install, and it can be installed using apt-get package manager. We will be using Ubuntu 16.04 OS for demonstration purpose.
All commands given below are executed as
Update Ubuntu Linux:
# apt-get update
Install Firejail application with command:
# apt-get install firejail
By default firejail configurations and profiles are stored under
/etc/firejail. These can be manged by user as per their need, Have a look at the following output.
# ls /etc/firejail
2. Improve The Linux Systems Security Using Firejail
2.1. Run applications with firejail
The typical syntax to use firejail is:
# firejail <application>
Say for example, to run Firefox web browser using firejail, we can use the following command:
# firejail firefox
When a user launch application with firejail, profile defined in firejail configurations get loaded and events are logged in
By default firejail launch application with default profile, your can configure default profile with their own parameters.
2.2. Customize firejail profile for application
To create a custom profile for a application/command create following directory under home environment of user.
# cd ~
# mkdir -p ~/.config/firejail
Copy generic profile to that newly created directory:
# cp /etc/firejail/generic.profile /home/user/.config/example.profile
# vim /etc/firejail/generic.profile
If you wants to load Document folder for a particular user to be loaded as read only. Define parameters as follows:
If you wants to set some attribute as read only:
Accessing some banking stuff over the internet is recommended to be secured, can be achieved with firejail.
Create a directory for user.
# mkdir /home/user/safe
Firefox will consider 'safe' as home directory.
# firejail --private=/home/user/safe firefox &
Define default network interface for application to run with.
# firejail --net=enp0s3 firefox&
2.3. Using firejail GUI tool
For the ease of user gui tool of firejail is available which can be downloaded from this link.
Download appropriate package as per your hardware and operating system installed and use it.
The filejail tool is a must have for Security concerned users. Although there are lots of methods available in Linux which can provide same level of security, Firejail is one such a way to improve the security to your Linux environment. We hope you will find this article useful.
Good tutorial on a simple sandbox app. Finally, something for linux better than an idiotbox “firewall for windows” clone….