{"id":1805,"date":"2016-10-18T20:24:15","date_gmt":"2016-10-18T18:24:15","guid":{"rendered":"http:\/\/monodes.com\/predaelli\/?p=1805"},"modified":"2016-10-18T09:28:29","modified_gmt":"2016-10-18T07:28:29","slug":"firejail-security-sandbox","status":"publish","type":"post","link":"https:\/\/monodes.com\/predaelli\/2016\/10\/18\/firejail-security-sandbox\/","title":{"rendered":"Firejail | security sandbox"},"content":{"rendered":"

Firejail | security sandbox<\/a><\/em><\/p>\n

\"\"<\/a><\/b><\/p><\/blockquote>\n

<\/p>\n

Firejail<\/b> is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces<\/a> and seccomp-bpf<\/a>. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.<\/p>\n

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer. The program is released under GPL v2<\/a> license.<\/p>\n

Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc. To start the sandbox, prefix your command with \u201cfirejail\u201d:<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Firejail | security sandbox<\/p>\n

Read more →<\/a><\/p>\n","protected":false},"author":1,"featured_media":1806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"link","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"activitypub_content_warning":"","activitypub_content_visibility":"","activitypub_max_image_attachments":4,"activitypub_interaction_policy_quote":"anyone","activitypub_status":"","footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[52,14],"tags":[129,128],"class_list":["post-1805","post","type-post","status-publish","format-link","has-post-thumbnail","hentry","category-software","category-software-libero","tag-sandbox","tag-security","post_format-post-format-link"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/monodes.com\/predaelli\/wp-content\/uploads\/sites\/4\/2016\/10\/firetools-main.png?fit=786%2C583&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6daft-t7","jetpack-related-posts":[{"id":4123,"url":"https:\/\/monodes.com\/predaelli\/2018\/04\/17\/microsoft-built-its-own-custom-linux-kernel\/","url_meta":{"origin":1805,"position":0},"title":"Microsoft Built Its Own Custom Linux Kernel!","author":"Paolo Redaelli","date":"2018-04-17","format":false,"excerpt":"I read \"Microsoft Built Its Own Custom Linux Kernel For Its New IoT Service\" from - Slashdot and I wonder: is it the same old technique \"embrace, extend, extinguish\", or the old black night is slowly walking the long and winding road to redemption? Yet such large corporations shall not\u2026","rel":"","context":"In "Mood"","block_context":{"text":"Mood","link":"https:\/\/monodes.com\/predaelli\/category\/mood\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15433,"url":"https:\/\/monodes.com\/predaelli\/2026\/04\/03\/are-passkeys-a-way-to-lose-your-freedom\/","url_meta":{"origin":1805,"position":1},"title":"Are Passkeys a way to lose your freedom?","author":"Paolo Redaelli","date":"2026-04-03","format":false,"excerpt":"I've encountered EmDash a project announcing as a full-stack TypeScript CMS based on Astro; the spiritual successor to WordPress. Of course I have been hooked by its promises: A full-stack TypeScript CMS built on Astro and Cloudflare. EmDash takes the ideas that made WordPress dominant -- extensibility, admin UX, a\u2026","rel":"","context":"In "Mood"","block_context":{"text":"Mood","link":"https:\/\/monodes.com\/predaelli\/category\/mood\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11581,"url":"https:\/\/monodes.com\/predaelli\/2024\/04\/08\/5-tips-to-speed-up-linux-software-raid-rebuilding-and-re-syncing-nixcraft\/","url_meta":{"origin":1805,"position":2},"title":"5 Tips To Speed Up Linux Software Raid Rebuilding And Re-syncing – nixCraft","author":"Paolo Redaelli","date":"2024-04-08","format":false,"excerpt":"Speed Up Linux Software Raid: Various commands tips to increase the speed of Linux Software RAID 0\/1\/5\/6\/10 reconstruction and rebuild time Source: 5 Tips To Speed Up Linux Software Raid Rebuilding And Re-syncing - nixCraft 5 Tips To Speed Up Linux Software Raid Rebuilding And Re-syncing Author:Vivek GiteLast updated:April 7,\u2026","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8961,"url":"https:\/\/monodes.com\/predaelli\/2021\/12\/06\/nanos-org\/","url_meta":{"origin":1805,"position":3},"title":"Nanos.org","author":"Paolo Redaelli","date":"2021-12-06","format":"link","excerpt":"\u00a0Nanos.org: Run code faster than the speed of light A unikernel running one and only one application in a virtualized environment. More secure and faster than Linux. All while keeping it simple. Of course it runs faster than Linux. No fork, one process and several other significative simplications. \u00a0","rel":"","context":"In "Software"","block_context":{"text":"Software","link":"https:\/\/monodes.com\/predaelli\/category\/software\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11626,"url":"https:\/\/monodes.com\/predaelli\/2024\/05\/05\/40-tools-for-ethical-hacking\/","url_meta":{"origin":1805,"position":4},"title":"40 tools for ethical hacking","author":"Paolo Redaelli","date":"2024-05-05","format":false,"excerpt":"I know many of them, but not everyone! Shame on me! Here are 40 tools for ethical hacking! Nmap: Network scanner used for network discovery and security auditing. Wireshark: Network protocol analyzer for packet inspection and troubleshooting. Metasploit: Penetration testing framework for exploiting vulnerabilities. John the Ripper: Password cracking tool\u2026","rel":"","context":"In "Tricks"","block_context":{"text":"Tricks","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/tricks\/"},"img":{"alt_text":"\ud83d\udd0d","src":"https:\/\/static.xx.fbcdn.net\/images\/emoji.php\/v9\/tc1\/1\/16\/1f50d.png","width":350,"height":200},"classes":[]},{"id":7144,"url":"https:\/\/monodes.com\/predaelli\/2020\/04\/30\/little-notes\/","url_meta":{"origin":1805,"position":5},"title":"Little notes","author":"Paolo Redaelli","date":"2020-04-30","format":false,"excerpt":"Just a little note to myself, to start salome on a severly hacked and messed up workstation like mine: paolo@rigel:~\/salome_meca\/appli_V2019.0.3_universal$ \/home\/paolo\/salome_meca\/appli_V2019.0.3_universal\/salome runSalome running on rigel Searching for a free port for naming service: 2815 - OK Searching Naming Service + found in 0.1 seconds Searching \/Kernel\/Session in Naming Service ++++libGL\u2026","rel":"","context":"In "Documentations"","block_context":{"text":"Documentations","link":"https:\/\/monodes.com\/predaelli\/category\/documentations\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/1805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/comments?post=1805"}],"version-history":[{"count":0,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/posts\/1805\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media\/1806"}],"wp:attachment":[{"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/media?parent=1805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/categories?post=1805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monodes.com\/predaelli\/wp-json\/wp\/v2\/tags?post=1805"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}