[SOLVED] Firejail questions

Questions about applications and software
Forum rules
Before you post please read how to get help

LMDE 2 support ends on 1-1-2019
Post Reply
Fuzzy
Level 3
Level 3
Posts: 146
Joined: Thu Jul 28, 2011 11:54 am

[SOLVED] Firejail questions

Post by Fuzzy » Mon Oct 31, 2016 12:28 pm

Fred posted that firejail is available via "backports". I'm not totally up on the lingo, but I tried to look up firejail to see what it was, and what it did. It sounds great!

However, what I found was rather confusing - everything from "it will break you system and cause problems with all sorts of programs" - to "it's the best security software ever (for LINUX)"

In reading through various postings on the board (and visiting firejail's webpage), I'm still somewhat confused about firejail, and its propensity (or lack thereof) to cause grief to a system.

In some documentation, firejail sounds as if it is like any other program out there: Installs, and only applies itself to whichever task the user wants to use it on. Other documentation makes it sound like the mere installation can cause issues with various software.

I'd love to use firejail to help secure my system(s), but I'm a little leery of doing so until I have a better grasp of what to expect as far as system impact. (...and I don't have time right now to install/test it on a VM) Any help clarifying would be greatly appreciated.

What I'm hoping it will do:
1. Install without impacting any programs
2. Allow me to tell it specifically which programs I want to utilize it on
3. Uninstall cleanly if necessary (and without repercussions)

Will it work on LMDE2?

Is there a recommended use (per program vs system-wide, etc.?)

Thanks!
Last edited by Fuzzy on Mon Oct 31, 2016 2:26 pm, edited 1 time in total.

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4156
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Firejail questions

Post by Fred Barclay » Mon Oct 31, 2016 12:49 pm

G'day Fuzzy!

Firejail is indeed available through the backports, though it's a slightly old version (0.9.42 vs the latest 0.9.44 which also includes some security improvements). If you want to install the latest you can download it from https://sourceforge.net/projects/fireja ... /firejail/, else just use apt to grab 0.9.42. Both versions work perfectly with LMDE 2.

Firejail only affects software that you tell it to. IF I say firejail firefox then firefox will start inside of firejail, but if I just start firefox as normal then it won't be running inside firejail. This is the same for every program.

There is one bug with firejail (actually, with PulseAudio). For some systems, firejail messes up the system sounds and you have to reboot to get 'em back to normal. If this occurs, just follow the instructions https://firejail.wordpress.com/support/ ... pulseaudio and reboot, and firejail should behave itself. ;) (To undo those instructions, rm -rf ~/.config/pulse and reboot.)

To completely remove firejail, use

Code: Select all

sudo apt-get --purge autoremove firejail && rm -rf .config/firejail
and you should be good to go.

As far as recommended usage, I'd start slowly and only apply it to one or two programs. Once you get the hang of firejail and are comfortable with it, then look at applying it system wide if you want.

Cheers!
Fred
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

Fuzzy
Level 3
Level 3
Posts: 146
Joined: Thu Jul 28, 2011 11:54 am

Re: Firejail questions

Post by Fuzzy » Mon Oct 31, 2016 1:00 pm

Thanks Fred! That's exactly what I was looking for.

Now...next newbie question...what exactly is a backport?

Fuzzy

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4156
Joined: Sat Sep 13, 2014 11:12 am
Location: Bumping around in the bush

Re: Firejail questions

Post by Fred Barclay » Mon Oct 31, 2016 1:08 pm

Backports are newer versions of packages than those available in the Debian Stable repos, that are compiled for Debian Stable and made available through the backports repository.

For example, the latest LibreOffice in Debian Stable's repositories is version 4.3. But version 5.2 has been backported to Debian Stable and is in the "jessie-backports" repository.

More info:
https://backports.debian.org/
https://wiki.debian.org/Backports

Hope this helps,
Fred
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

Fuzzy
Level 3
Level 3
Posts: 146
Joined: Thu Jul 28, 2011 11:54 am

Re: Firejail questions

Post by Fuzzy » Mon Oct 31, 2016 1:24 pm

Thanks Fred,

I guess I've used backports before - just didn't know what they were called, or why the term backport was used (the term "back"ports seems contrary to the forwardness of getting "newer" software).

At any rate, I've been able to install Firejail, so I'll give it a test and see how things work.

Thanks again!
Fuzzy

Post Reply

Return to “Software & Applications”