Highest Voted 'firejail' Questions - Unix and Linux Stack Exchange

5

votes

0 answers

Opening /proc//net/dev prevents network namespace from expiring, is this expected?

I'm looking for input whether the following observation related to network namespace expiration is expected, or should be reported as bug? When some process opens /proc//net/dev it can prevent/delay the expiration of the other process's…

asked Mar 29 '20 at 13:41

Arne Welzel

51
2

5

votes

2 answers

How can I run local applications through firejail?

I've installed debian package locally. I randomly chose Opera, extracted via dkpg -x opera-x.y.z.deb ~/bin/opera_package, and created a symlink in my user's ~/bin folder (which is in the user's path). Attempting to run in side firejail $ firejail…

bash ubuntu firejail

asked Apr 05 '17 at 16:54

Rick

101
1
6

4

votes

0 answers

firejail: child-process not sandboxed?

As far as the sandbox "firejail" is concerned I´ve encountered a phenomenon which isn´t completely clear to me. My understanding has always been that whenever I start a programm/process in firejail that process is sandboxed. Fine, that´s clear. I…

sandbox firejail calibre

asked Jul 26 '18 at 12:59

Rosika

151
1
6

3

votes

0 answers

How to run a child process inside firejail sandbox?

Hello Linux folks i need help running with firejail with a java program that is in sandbox firejail --private --trace java -jar program.jar But this program can't spawn child process (chromium) due to sandbox restriction The trace error: 3:…

linux debian process sandbox firejail

asked May 22 '22 at 14:14

geek

179
1
7

3

votes

0 answers

Firejail not hiding files with Brave browser

If I run the following: firejail brave-browser And then try and access files in the browser (such as when uploading a file), Brave still has access to my entire home folder. Usually this doesn't happen with Firejail. I've tried it with Firefox, and…

firejail

asked Sep 22 '21 at 02:46

Daniel

143
7

3

votes

1 answer

Port forwarding with iptables and firejail sandbox

I try to run a HTTP server on port 8000 in a firejail sandbox, and make it accessible on all interfaces of the host on port 8888. The whole system can be represented as below: +----------------------------------------------------+ …

iptables bridge iptables-redirect firejail

asked May 15 '20 at 13:47

nicop

51
3

3

votes

1 answer

firejail : only let a program access localhost

I have this local network service and this client program needing to access it. I am running them both as an unprivileged user. I am looking for a way to sandbox the client using firejail, in a way that it cannot access network, except for localhost…

networking namespace network-namespaces sandbox firejail

asked Oct 27 '18 at 15:56

tbrugere

966
6
16

3

votes

1 answer

firejail memory limit

I want to create a firejail profile that limits memory for applications. I'm trying to figure out if it's possible to limit memory using firejail. But It seems that some versions had the --rlimit-as flag but I can't find it on Ubuntu 16.04

ubuntu firejail

asked Mar 25 '18 at 18:51

ApriOri

155
5

3

votes

1 answer

How to use screen when /dev/tty is disabled?

Firejail provides secure environment that strips /dev files with little number of exception. So when I try to run screen inside the environment, I get "Must be connected to a terminal". tty responds with "not a tty". Is it possible to get proper tty…

gnu-screen tty firejail

asked Dec 27 '16 at 05:07

ayvango

367
2
9

2

votes

1 answer

Firejail --private can't launch .sh file in home directory

I can create a bash script, then launch it using firejail with the private option : phil@GLaDOS:~$ echo "echo success" > /media/phil/Stockage/firejailtest.sh; chmod +x /media/phil/Stockage/firejailtest.sh phil@GLaDOS:~$ firejail --noprofile…

ubuntu security firejail

asked Sep 22 '22 at 12:32

sayanel

301
3
14

2

votes

1 answer

Firejail overlay permissions and ALSA no sound (wrong group in container/jail)

I'll try to be brief and concise. I want to run programs that require ALSA with firejail profiles but it probably doesn't have the permission or ability to access the soundcard for some reason probably relating to overlays and/or groups. I have…

audio alsa group firejail

asked Feb 02 '21 at 13:19

okay39442

23
3

2

votes

2 answers

Whitelist a directory for execution with firejail

How can I whitelist a directory for execution with firejail? In particular, I would like to execute Firefox Nightly in firejail. But I get the following error: $ firejail --profile=/etc/firejail/firefox.profile…

permissions firejail

asked May 16 '20 at 16:06

vinc17

11,912
38
45

1

vote

0 answers

How to run GNU Emacs 28 in firejail with the firefox profile?

I'd like to be able to run GNU Emacs 28 from a Firefox running in firejail, but it gives the following error: emacs: could not load dump file "/usr/libexec/emacs/28.1/x86_64-linux-gnu/emacs.pdmp": Permission denied because of $ ls -ld…

permissions emacs firejail

asked Aug 24 '22 at 03:05

vinc17

11,912
38
45

1

vote

1 answer

Firejail not hiding files with Brave browser

If I run the following: firejail brave-browser And then try and access files in the browser (such as when uploading a file), Brave still has access to my entire home folder. Usually this doesn't happen with Firejail. I've tried it with Firefox, and…

browser firejail

asked Sep 29 '21 at 07:23

Daniel

143
7

1

vote

1 answer

create custom profile to run man using firejail

I'm trying to use firejail (version 0.9.58.2) for application sandboxing on my Debian Stable machine. From what I understand it's possible to create a custom configuration file for each application but I wasn't successful in doing so. Currently I'm…

security man container sandbox firejail

asked Oct 28 '20 at 19:08

n0542344

376
1
15

Questions tagged [firejail]