Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 24/25 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 6th May 2017, 06:38 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 539
linuxfedorafirefox
About Firejail !

Hi. I starting to think about use of Firejail, & I have some questions before take final decision to install it or not:

1) why it has no official or rpmfusion repository ?

2) is it available from copr repositories ?

3) does it has an option by which user can make an application or program always run sundboxed in firejail as long as this option is activated, even after restarting PC ? I mean, for example, an option when I apply it on master PDF editor (closed source PDF editor), then master PDF editor will always run sundboxed within firejail & remain so even after reboot, untill & deactivated the the option manually.

4) if it is not available from any repository, then what will happen after upgrade Fedora from release to next ? Does it will deactivated & need to be reinstalled or remain active ?
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #2  
Old 7th May 2017, 12:40 AM
topiwala Online
Registered User
 
Join Date: Aug 2011
Location: India
Age: 31
Posts: 333
linuxfedorafirefox
Re: About Firejail !

I am not an expert but i use firejail So this is what i know

1- It is a new project and few users makes it less appealing for packagers. I think.

2- I searched copr and few repos came up. The firejail rpm is also available from their site.

3-Yes you can create .desktop file in .local/share/applications. I have added firejail in my fvwm launcher command so when i launch it from there it starts in sandbox

Running apps in sandbox is difficult sometimes as rights are restricted.


4- I compile it everytime. But you can use RPM from their site. I have subscribed to their RSS feed so keeping track is not difficult.

Again not an expert i just use it because more security?
Reply With Quote
  #3  
Old 9th May 2017, 04:54 PM
adventurer Offline
Registered User
 
Join Date: Nov 2016
Location: Germany
Posts: 25
linuxfedorafirefox
Re: About Firejail !

Quote:
Originally Posted by User808 View Post
Hi. I starting to think about use of Firejail, & I have some questions before take final decision to install it or not:
Congratulations! Firejail is an excellent program which makes your system much more secure. I've been using it for a long time and recommend it.

Quote:
1) why it has no official or rpmfusion repository ?
I have no idea.

Quote:
2) is it available from copr repositories ?
Yes, it's available from this copr. Note, that you have to execute
Code:
sudo chmod u+s /usr/bin/firejail
every time you get an update from this copr.

However, there are 2 alternatives how to install Firejail on your system:

a) Download the newest rpm file from this site and install it manually. In order to get informed about a new release you can subscribe to this RSS feed.
b) You can install the newest git version (the git package must be installed on your system!). This is how to do it:
Code:
cd ~
rm -rf ~/firejail
git clone https://github.com/netblue30/firejail.git
cd firejail
./configure --prefix=/usr
make
sudo make install
Once done, do not remove ~/firejail as it is needed to easily update the git version. Just create a file called, e.g., fireupdate:
Code:
cd ~/firejail
git pull
./configure --prefix=/usr
make
sudo make install
and make it executable. Just execute it after important commits - in order to get informed about them I suggest to subscribe to this RSS feed.

Quote:
3) does it has an option by which user can make an application or program always run sundboxed in firejail as long as this option is activated, even after restarting PC ? I mean, for example, an option when I apply it on master PDF editor (closed source PDF editor), then master PDF editor will always run sundboxed within firejail & remain so even after reboot, untill & deactivated the the option manually.
After installing Firejail you should execute its helper programm:
Code:
sudo firecfg
It creates symbolic links in /usr/local/bin pointing to /usr/bin/firejail for all your applications for which Firejail profiles are available and modifies the respective .desktop files in order to make sure that those applications are always executed sandboxed with Firejail.

Quote:
4) if it is not available from any repository, then what will happen after upgrade Fedora from release to next ? Does it will deactivated & need to be reinstalled or remain active ?
IMHO, it doesn't get deactivated.

EDIT: I forgot to mention that there is no Firejail profile available for your PDF editor, so you will have to create your own one (modifications of the default profile might be necessary to order to make that application run properly, possibly as a whitelisted profile. Once everything works as expected you can duplicate what sudo firecfg does by executing
Code:
sudo ln -s /usr/bin/firejail /usr/local/bin/whatever_your_application_is_called

Last edited by adventurer; 9th May 2017 at 05:06 PM.
Reply With Quote
Reply

Tags
firejail

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


Current GMT-time: 15:15 (Monday, 29-05-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat