How to Sandbox Linux Applications for Increased Security

What is Firejail?

Firejail is a command-line tool that lets you run programs in a sandboxed environment, similar to Windows’ “Sandbox” program. The sandbox confines an application to a restricted environment, preventing it from affecting your current configuration and allowing you to observe its behaviour.

It is particularly useful when you do not trust the author of a piece of software or a script downloaded online, as it provides an extra layer of security.

Why Should You Use It?

  • Lightweight.
  • Isolates programs and scripts from the rest of the system.
  • Helps protect you against viruses and malicious software by running them in a contained environment.
  • Can restrict access to the network, files and hardware such as microphones and cameras.

How to Install Firejail

Use the following commands to install Firejail on your Linux distro.

Debian/Mint/Ubuntu

sudo apt install firejail

Arch/Manjaro

sudo pacman -S firejail

Fedora

sudo dnf install firejail

Make Sure It Works

After installation, you can check the Firejail version using the command below:

firejail --version

Now we know it works!

How to Use Firejail

Using Firejail is fairly simple: just open a terminal and type the following:

firejail program

Example :

firejail firefox

Alright cool! We can run Firefox in a contained environment, but what about adding some options?

Use Firejail With Network Disabled

Use this command to launch a program with the network disabled:

firejail --net=none google-chrome-stable

Allow Access to Only One Directory

This command makes the given directory the program's home directory, so the program cannot see the other files in your real home directory.

firejail --private=/home/user/mydir firefox

This command allows Firefox to access only the ‘mydir’ folder.

Remove Access to Home Directory

This command blocks access to your home directory by giving the program a temporary one that is discarded when the sandbox closes.

firejail --private firefox
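
To confirm that the network and home-directory restrictions described above actually took effect, a script like the following can be run inside the sandbox. It is an added example, not part of the original article; the canary file name .fj-canary and the /tmp/fjcheck.sh location are assumptions.

```shell
#!/bin/sh
# Added example: self-checks to run INSIDE a Firejail sandbox, confirming that
# --net=none and --private took effect. Assumed usage (the script path must be
# readable inside the sandbox; /tmp/fjcheck.sh is an assumption):
#   touch "$HOME/.fj-canary"
#   firejail --net=none --private sh /tmp/fjcheck.sh inside

CANARY=".fj-canary"   # marker file name, constructed for this example

# Print network interfaces other than loopback from a /proc/net/dev-style file.
# A sandbox started with --net=none should only have "lo".
extra_ifaces() {
    # Skip the two header lines; the interface name is the text before ':'.
    awk -F: 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 != "lo") print $1 }' \
        "${1:-/proc/net/dev}"
}

# Succeed when the canary created in the real home is not visible, i.e. the
# sandbox is looking at a different (private) home directory.
home_is_private() {
    [ ! -e "${1:-$HOME}/$CANARY" ]
}

# Run both checks; print one line per check, return non-zero on any failure.
sandbox_report() {
    netfile=${1:-/proc/net/dev}
    homedir=${2:-$HOME}
    rc=0
    found=$(extra_ifaces "$netfile" | tr '\n' ' ')
    if [ -z "$found" ]; then
        echo "PASS network: only loopback present"
    else
        echo "FAIL network: interfaces available: $found"; rc=1
    fi
    if home_is_private "$homedir"; then
        echo "PASS home: canary not visible"
    else
        echo "FAIL home: real home directory is exposed"; rc=1
    fi
    return "$rc"
}

# Only run when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "inside" ]; then
    sandbox_report
fi
```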

Run Your Program Without Audio Access

This command blocks Firefox's access to your audio system.

firejail --nosound firefox

Disable Audio & Video Access

This command disables all access to audio and video devices (camera & microphone).

firejail --nosound --novideo firefox

Limit The System Resources

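This command restricts which CPU cores the program may run on and caps the memory it may allocate. Firejail has no percentage-based CPU limit: --cpu takes a list of core numbers, and --rlimit-as takes the maximum virtual memory size in bytes.

firejail --cpu=0,1 --rlimit-as=1073741824 firefox

Firefox will now be restricted to CPU cores 0 and 1 (50% of the CPU on a four-core machine) and 1 GB of virtual memory. This limits address space rather than resident RAM, so large programs may need a higher value.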

Firejail Documentation (Arch Wiki)

If you want to learn more about Firejail and the commands available at your fingertips, visit the Arch Wiki article on Firejail.

One response to “How to Sandbox Linux Applications for Increased Security”

  1. Chace Weaver

    I truly appreciate your technique of writing a blog. I added it to my bookmark site list and will
