Pinterest Stumbleupon Whatsapp
Ads by Google

Linux is secure Is Linux Really as Secure as You Think It Is? Is Linux Really as Secure as You Think It Is? Linux is often touted as the most secure operating system you can get your hands onto, but is this really the case? Let's take a look at different aspects of Linux computer security. Read More , right? It’s certainly more secure than Windows in a lot of ways, but it’s not impervious to attack. There is always a trade-off between security and usability, but how far can you really go to secure your operating system without seriously compromising its usability?

If you get compromised the damage is already done, it really doesn’t matter which operating system you run. Firejail allows you to mitigate this risk, but will it keep you secure without making your system unusable?

What Is Firejail?

Firejail is a sandboxing utility What's A Sandbox, And Why Should You Be Playing in One What's A Sandbox, And Why Should You Be Playing in One Highly-connective programs can do a lot, but they're also an open invitation for bad hackers to strike. To prevent strikes from becoming successful, a developer would have to spot and close every single hole in... Read More that allows you to run un-trusted applications within Linux in an environment that has restricted privileges.

Firejail prevents applications from accessing parts of the system that they shouldn’t be able to. So it allows you to load unfamiliar applications safe in the knowledge that even if they are malicious or compromised, you’re still safe.

If an application does become compromised whilst running in a Firejail sandbox, only that application is affected, not the rest of the system.

So you can then take steps to contain and clean the virus 10 Steps To Take When You Discover Malware On Your Computer 10 Steps To Take When You Discover Malware On Your Computer We would like to think that the Internet is a safe place to spend our time (cough), but we all know there are risks around every corner. Email, social media, malicious websites that have worked... Read More without worrying about your important data.

Ads by Google

Installing Firejail

To install Firejail in Ubuntu, all you need to do is run the command sudo apt-get install firejail. You will need to download the appropriate package from Firejail’s Souceforge page if you are running a different flavor of Linux.

Firejail Install Terminal

We will also be installing a GUI utility for Firejail, called Firejail Tools, which makes Firejail much more simple to use.

To install Firejail Tools, visit their Sourceforge page and download the appropriate package for your flavor of Linux. You can then install the package using tools like gdebi or your software center 5 Great Tips For The Ubuntu Software Center [Linux] 5 Great Tips For The Ubuntu Software Center [Linux] Read More .

Using Firejail

You can use Firejail via the terminal or by using the GUI we just installed. I’ll show you how to do both.

Using the Terminal

Using the terminal to run a Firejail application is really simple. All you have to do is run the command firejail [application-name]. So if you want to run Firefox in a sandboxed environment, you would run firejail firefox.

Firefox in Firejail

Typing Ctrl + C will then cancel the process and close Firefox.

(It’s worth noting here that many people are under the misapprehension that Firejail is only intended for use with Mozilla Firefox. In fact, it can work with many other applications.)

Using the GUI (Firetools)

Using the terminal is extremely simple, but many people prefer to use a GUI instead. We have already installed Firetools, so all you need do is run it from your application menu.

Once loaded you simply click on the application you want to run from the red Firetools box. You can add additional applications by right clicking on Firetools and selecting Edit.

You will then need to give the new application a name, description and enter the terminal command you would run for Firejail. In this example, I’m adding the file browser:

Firejail Nautilus

Uses for Firejail

At this point you may be thinking, “So what?” I mean, what’s the point in having all this sandboxing mumbo-jumbo, right?

Firejail Thunderbird

Firejail is not just for those of us who don a tinfoil hat every time we boot up our machine. It does have a number of real world uses:

As you can see, sandboxing your apps with Firejail could prove very useful.

How Do I Know It’s Working?

Whether or not Firejail is working is something you really don’t need to worry about. That’s the beauty of the product, it just works.

However, Firejail does prove that it’s working correctly from time to time. For example, if you try to upload a picture to Instagram via Firefox within Firejail, you probably won’t be able to.

Firejail restricts access to folders such as pictures, documents etc. However, it can access the Downloads folder, so moving your cat pictures 8 Purrfect Cat Websites For Feline Lovers 8 Purrfect Cat Websites For Feline Lovers Cats are everywhere online… as photos shared by friends on social networking sites, as cute pics on Reddit, on any of the cat-centric Tumblr sites, and even here on MakeUseOf. Oh, and then there’s Nyan... Read More there first will work.

Security vs. Usability

We can provide you with lists that contain tips to prevent you being hacked 9 Ways To Prevent Identity Theft By Computer Hackers 9 Ways To Prevent Identity Theft By Computer Hackers In this digital age, where almost the entire human knowledge is stored online, some of the most valuable information you possess is your own identity. The term refers to information that enables an identity thief... Read More , but at some point there’s always a trade off for usability. With more security comes more complexity. It’s inevitable.

Firejail really does bridge the gap between usability and security. It’s easy to install, simple to use, and increases security significantly.

Firejail has found a regular spot on my hard drive from now on. But what about you guys, do you use Firejail? Or are you using a different method to stay secure?

Image Credits: Brian A Jackson/Shutterstock

  1. Rosika Schreck
    October 31, 2016 at 12:37 pm

    Hello,
    I´ve got a problem with firejail.
    In principle this sandbox works quite well. I can start a browser (firefox/midori) and other applications as well (like rhythmbox).
    What I want to do now is use the overlay-functionality: firejail --overlay firefox.
    Yet that doesn´t work. Firefox itself produces the following message: " Your Firefox profile cannot be loaded. It may be missing or inaccessible". Yet that can´t be. Without firejail there´s no problem and even "firejail firefox" works well.
    The following message is taken from the terminal:

    rosika@rosika-Lenovo-H520e ~> firejail --overlay firefox
    Reading profile /etc/firejail/firefox.profile
    Reading profile /etc/firejail/disable-mgmt.inc
    Reading profile /etc/firejail/disable-secret.inc
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/whitelist-common.inc
    Warning: --overlay and --noroot are mutually exclusive, noroot disabled
    Parent pid 2362, child pid 2363
    OverlayFS configured in /home/rosika/.firejail/2362 directory
    Warning: cannot find home directory
    ***
    *** Warning: cannot whitelist Downloads directory
    *** Any file saved will be lost when the sandbox is closed.
    *** Please create a proper Downloads directory for your application.
    ***
    Blacklist violations are logged to syslog
    Warning: failed to unmount /sys

    Child process initialized
    parent is shutting down, bye..

    As far as I know --overlay has been working as of kernel version 3.18. As I have 4.4.0-45-generic x86_64 there shouldn´t be any problems.
    Can anyone help me?
    Thanks a lot in advance.
    Rosika
    P.S.:
    System: Linux/Lubuntu 16.04 LTS (64 bit)
    firejail-version: 0.9.38-1

  2. Rosika Schreck
    October 31, 2016 at 12:31 pm

    I´ve got a problem with firejail.
    In principle this sandbox works quite well. I can start a browser (firefox/midori) and other applications as well (like rhythmbox).
    What I want to do now is use the overlay-functionality: firejail --overlay firefox.
    Yet that doesn´t work. Firefox itself produces the following message: " Your Firefox profile cannot be loaded. It may be missing or inaccessible". Yet that can´t be. Without firejail there´s no problem and even "firejail firefox" works well.
    The following message is taken from the terminal:

    rosika@rosika-Lenovo-H520e ~> firejail --overlay firefox
    Reading profile /etc/firejail/firefox.profile
    Reading profile /etc/firejail/disable-mgmt.inc
    Reading profile /etc/firejail/disable-secret.inc
    Reading profile /etc/firejail/disable-common.inc
    Reading profile /etc/firejail/disable-devel.inc
    Reading profile /etc/firejail/whitelist-common.inc
    Warning: --overlay and --noroot are mutually exclusive, noroot disabled
    Parent pid 2362, child pid 2363
    OverlayFS configured in /home/rosika/.firejail/2362 directory
    Warning: cannot find home directory
    ***
    *** Warning: cannot whitelist Downloads directory
    *** Any file saved will be lost when the sandbox is closed.
    *** Please create a proper Downloads directory for your application.
    ***
    Blacklist violations are logged to syslog
    Warning: failed to unmount /sys

    Child process initialized
    parent is shutting down, bye..

    As far as I know --overlay has been working as of kernel version 3.18. As I have 4.4.0-45-generic x86_64 there shouldn´t be any problems.
    Can anyone help me?
    Thanks a lot in advance.
    Rosika

    P.S.:
    System: Lubuntu 16.04 LTS (64 bit)
    firejail-version: 0.9.38-1

  3. Gilbert J.
    October 13, 2016 at 2:23 am

    This sounds like a very useful tool, but I got this when I tried to install it:
    sudo apt-get install firejail
    [sudo] password for gilbert:
    Reading package lists... Done
    Building dependency tree
    Reading state information... Done
    E: Unable to locate package firejail

    Neither Package Manager nor Software Center could find it either.

    • Kev Quirk
      October 13, 2016 at 10:24 am

      Weird, the package should be available by default in Ubuntu. Are you running a different distro?

      If so, there's a number of other ways to install Firejail, they have a DEB and RPM packages, so you can download and install them manually. Here is the link: https://sourceforge.net/projects/firejail/files/firejail/

      Here is the link for Firetool also - https://sourceforge.net/projects/firejail/files/firetools/

      • Gilbert J.
        October 13, 2016 at 1:42 pm

        I was using Mint. I tried it in Ubuntu and it worked fine. That's the first time I've run into something that was available via apt-get in Ubuntu but not in Mint. I don't have any other 'buntus installed at the moment to test it further.
        I downloaded firejail and firetools from SourceForge, and it all seems to be working.

        • Kev Quirk
          October 13, 2016 at 2:44 pm

          The guys at Mint must not include the Firejail repos. Glad it's sorted now though. :-)

        • Gilbert J.
          October 13, 2016 at 3:29 pm

          I've been playing with it a little.
          I found that adding "firejail" (without the quotes) to the command in Start Menu/desktop/taskbar launchers makes the app launch sandboxed.
          There are some apps that don't seem to work with Firejail: so far I've had no luck with Slimjet or Vivaldi.

Leave a Reply

Your email address will not be published. Required fields are marked *