2018-09-27 07:18:54 +01:00
|
|
|
# firejail
|
|
|
|
|
|
|
|
|
|
> Securely sandboxes processes to containers using built-in Linux capabilities.
|
2021-07-09 15:45:55 +01:00
|
|
|
> More information: <https://manned.org/firejail>.
|
2018-09-27 07:18:54 +01:00
|
|
|
|
|
|
|
|
- Integrate firejail with your desktop environment:
|
|
|
|
|
|
|
|
|
|
`sudo firecfg`
|
|
|
|
|
|
|
|
|
|
- Open a restricted Mozilla Firefox:
|
|
|
|
|
|
|
|
|
|
`firejail {{firefox}}`
|
|
|
|
|
|
|
|
|
|
- Start a restricted Apache server on a known interface and address:
|
|
|
|
|
|
|
|
|
|
`firejail --net={{eth0}} --ip={{192.168.1.244}} {{/etc/init.d/apache2}} {{start}}`
|
|
|
|
|
|
|
|
|
|
- List running sandboxes:
|
|
|
|
|
|
|
|
|
|
`firejail --list`
|
|
|
|
|
|
|
|
|
|
- List network activity from running sandboxes:
|
|
|
|
|
|
|
|
|
|
`firejail --netstats`
|
|
|
|
|
|
|
|
|
|
- Shutdown a running sandbox:
|
|
|
|
|
|
|
|
|
|
`firejail --shutdown={{7777}}`
|
2024-03-27 07:06:18 +00:00
|
|
|
|
|
|
|
|
- Run a restricted Firefox session to browse the internet:
|
|
|
|
|
|
|
|
|
|
`firejail --seccomp --private --private-dev --private-tmp --protocol=inet firefox --new-instance --no-remote --safe-mode --private-window`
|
|
|
|
|
|
|
|
|
|
- Use custom hosts file (overriding `/etc/hosts` file):
|
|
|
|
|
|
|
|
|
|
`firejail --hosts-file={{~/myhosts}} {{curl http://mysite.arpa}}`
|
