$schemamarkup = get_post_meta(get_the_ID(), 'schemamarkup', true); if(!empty($schemamarkup)) { echo $schemamarkup; }

How to Get Started With Firejail on Gnu/Linux

April 22, 2021 | By the+gnu+linux+evangelist.

Getting Started

  1. 2. Launching Apps

    Now to Launch Programs with Firejail
    The general Command is like:

    firejail [MYAPP]

    So for instance to Launch Firefox, Transmission or VLC into a Firejail Sandbox respectively:

    firejail firefox
    firejail transmission-gtk
    firejail vlc

  2. 3. Firejail Desktop Integration

    Again to Integrate Firejail into Desktop
    Simply play:

    sudo firecfg

    After this Setup any App started by a Desktop Launcher will run confined into a Sandbox.
    And to Add any New App Repeat this Command after any Setup.
    You can always check if your application was sandboxed by running:

    firejail --list
    Sandbox list

    And you can also keep a Terminal tracking you Sandboxes with:

    firejail --top

    You can also Add a single App to Firejail on Command Line simply by making a Symlink into /usr/local/bin.
    As for instance for the Google-Chrome Web Browser:

    sudo ln -s /usr/bin/firejail /usr/local/bin/google-chrome

    After to make it works you may have to Fix the setup running:

    firecfg --fix

    But if you want to Remove some Apps from the Firejail Configuration it’s enough to Delete the Symbolic Link in /usr/local/bin/.
    To find out them All run:

    ls -l /usr/local/bin/ | grep firejail

    Then for example to remove gnome-screenshot from the Set play:

    sudo unlink /usr/local/bin/gnome-screenshot

    Or to remove them All:

    sudo firecfg --clean

    Finally, to Configure a single App to Run Sandboxed you may also use the Firejail GUI Firetools!

  3. 4. Whitelisting Targets

    Now to Enable Directories per App basis
    Because with the default Profile for Web Browsers you’ll have a serious Issue managing your Downloads.
    So to Whitelist just the Downloads Folder on the Google-Chrome Configuration edit the File with:

    sudo nano /etc/firejail/google-chrome.profile

    Appending:

    whitelist ${HOME}/Downloads

    Ctrl+x to Save and Exit!
    To List all the available Profiles:

    ls /etc/firejail/

    Again to Search for someone use the Grep Tool as in:

    ls /etc/firejail/ | grep -i chrome

    The grep Command refine the output List showing only the Entries matching the Keyword.
    Finally, the “-i” Flag is for “insensitive to case”.

Contents


Pages: 1 2