<---- template headericclude ----->
About Firejail !
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Aug 2016
    Location
    Iraq
    Posts
    1,434
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    About Firejail !

    Hi. I starting to think about use of Firejail, & I have some questions before take final decision to install it or not:

    1) why it has no official or rpmfusion repository ?

    2) is it available from copr repositories ?

    3) does it has an option by which user can make an application or program always run sundboxed in firejail as long as this option is activated, even after restarting PC ? I mean, for example, an option when I apply it on master PDF editor (closed source PDF editor), then master PDF editor will always run sundboxed within firejail & remain so even after reboot, untill & deactivated the the option manually.

    4) if it is not available from any repository, then what will happen after upgrade Fedora from release to next ? Does it will deactivated & need to be reinstalled or remain active ?
    Fedora 38 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 16 GB DDR3L, HHD = 1 TB (Ext4 file system format), Hybrid (Switchable) VGA: shared "Intel Corporation HD Graphic 5500" + dedicated 2 GB "Radeon R7 M265"

  2. #2
    Join Date
    Aug 2011
    Location
    India
    Age
    38
    Posts
    412
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: About Firejail !

    I am not an expert but i use firejail So this is what i know

    1- It is a new project and few users makes it less appealing for packagers. I think.

    2- I searched copr and few repos came up. The firejail rpm is also available from their site.

    3-Yes you can create .desktop file in .local/share/applications. I have added firejail in my fvwm launcher command so when i launch it from there it starts in sandbox

    Running apps in sandbox is difficult sometimes as rights are restricted.


    4- I compile it everytime. But you can use RPM from their site. I have subscribed to their RSS feed so keeping track is not difficult.

    Again not an expert i just use it because more security?

  3. #3
    Join Date
    Nov 2016
    Location
    Germany
    Posts
    32
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: About Firejail !

    Quote Originally Posted by User808
    Hi. I starting to think about use of Firejail, & I have some questions before take final decision to install it or not:
    Congratulations! Firejail is an excellent program which makes your system much more secure. I've been using it for a long time and recommend it.

    1) why it has no official or rpmfusion repository ?
    I have no idea.

    2) is it available from copr repositories ?
    Yes, it's available from this copr. Note, that you have to execute
    Code:
    sudo chmod u+s /usr/bin/firejail
    every time you get an update from this copr.

    However, there are 2 alternatives how to install Firejail on your system:

    a) Download the newest rpm file from this site and install it manually. In order to get informed about a new release you can subscribe to this RSS feed.
    b) You can install the newest git version (the git package must be installed on your system!). This is how to do it:
    Code:
    cd ~
    rm -rf ~/firejail
    git clone https://github.com/netblue30/firejail.git
    cd firejail
    ./configure --prefix=/usr
    make
    sudo make install
    Once done, do not remove ~/firejail as it is needed to easily update the git version. Just create a file called, e.g., fireupdate:
    Code:
    cd ~/firejail
    git pull
    ./configure --prefix=/usr
    make
    sudo make install
    and make it executable. Just execute it after important commits - in order to get informed about them I suggest to subscribe to this RSS feed.

    3) does it has an option by which user can make an application or program always run sundboxed in firejail as long as this option is activated, even after restarting PC ? I mean, for example, an option when I apply it on master PDF editor (closed source PDF editor), then master PDF editor will always run sundboxed within firejail & remain so even after reboot, untill & deactivated the the option manually.
    After installing Firejail you should execute its helper programm:
    Code:
    sudo firecfg
    It creates symbolic links in /usr/local/bin pointing to /usr/bin/firejail for all your applications for which Firejail profiles are available and modifies the respective .desktop files in order to make sure that those applications are always executed sandboxed with Firejail.

    4) if it is not available from any repository, then what will happen after upgrade Fedora from release to next ? Does it will deactivated & need to be reinstalled or remain active ?
    IMHO, it doesn't get deactivated.

    EDIT: I forgot to mention that there is no Firejail profile available for your PDF editor, so you will have to create your own one (modifications of the default profile might be necessary to order to make that application run properly, possibly as a whitelisted profile. Once everything works as expected you can duplicate what sudo firecfg does by executing
    Code:
    sudo ln -s /usr/bin/firejail /usr/local/bin/whatever_your_application_is_called
    Last edited by adventurer; 9th May 2017 at 05:06 PM.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
[[template footer(Guest)]]