Questions tagged [firejail]
Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
9 questions
1 vote, 0 answers, 436 views
No internet: firejail ubuntu 20.04 --net=eno1 --dns=QQQ.RRR.SSS.TTT
This is the same case as the unanswered question "DNS not working in firejail".
ALL SENSITIVE INFORMATION WAS MODIFIED TO A SET OF THREE OR TWO LETTERS (AAA, etc. or XX)
The case is:
I have an ethernet ...
1 vote, 1 answer, 143 views
File picker dialogs do not remember settings when Firefox is running in firejail
When Firefox is running in Firejail with the provided default config, the Gtk file picker dialogs do not remember sort order even when Firefox was not restarted between opening two dialogs.
I tried ...
2 votes, 0 answers, 1k views
Firejail and chrome: limiting RAM usage
Long story short, I have a consistent memory leak coming from somewhere. I'm thinking that it's my browser. So I've tried using firejail to limit the memory as follows:
firejail --rlimit-as=8048576000 ...
0 votes, 1 answer, 673 views
How do I create a SINGLE symbolic link for Firejail, in Ubuntu/Fedora/CentOS?
Firecfg will configure all symbolic links at once, but how do I create a single symbolic link to firejail a specific application that isn't securely preconfigured by, for example, SELinux?
1 vote, 0 answers, 801 views
How does firejail build its default blacklist?
When I start firejail, I see my complete home directory. When I start firejail --whitelist=~/something, I see only something in my home.
Now I would like to restrict more access to the system. I can ...
1 vote, 0 answers, 434 views
DNS not working in firejail
I try to make a test ssh firejail user for testing downloaded files.
But the name lookup for my setup is not working.
/etc/passwd:
UserName:x:9999:9999:,,,:/home/UserName:/usr/bin/firejail
/etc/...
0 votes, 1 answer, 3k views
redirect traffic from bridge to http proxy
If I create a new instance of an ethernet bridge:
# brctl addbr br1
# ip link set dev br1 up
# ip addr add 10.100.100.1/24 dev br1
Start tinyproxy listening on localhost on its default port 8888:
# ...
6 votes, 2 answers, 3k views
Is it expected that firejail allows R/W outside of the sandbox without "--overlay" flag?
Just installed firejail on Ubuntu 16.04 (version 0.9.38) and according to this linux-magazine article, by default it should make R/O the entire filesystem:
The programs in the sandbox have only ...
4 votes, 2 answers, 6k views
How to create a Tor-only network interface suitable for Firejail?
The well-known but unsafe method is to use torify. It is unsafe because we ask an application to use Tor, not force it. If the application misbehaves or is being exploited by a bug, it will still ...