DownloadFirejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.
Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer.
Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc.
Features
- Linux namespaces
- Filesystem container: local filesystem, chroot filesystem, overlay filesystem
- Four security filters: seccomp, protocol, noroot user namespace, Linux capabilities
- Custom security profiles
- Resource allocation: Linux control groups and rlimits
- Networking support
- Statistics and monitoring
- Graphical user interface
Project Samples
Follow firejail
User Reviews
-
Excellent! Many thanks.
-
Many thanks to the developer for this great utility!! Since I've been using Sandboxie for windows long ago, I've been eagerly waiting for a similar online protection tool for linux, and finally firejail made that break. It's been sometime using this great lightweight tool and it works great. Appreciated are the regular updates and features as well. I use Linux Mint, so I'm hoping that it'll be integrated in the future releases of mainstream linux soon. Either way firejail rocks, feature rich and solid !!