SourceForge has a new owner, that is taking actions to rebuild community trust (doing away with the bundle installers): https://sourceforge.net/blog/sourceforg ... ure-plans/. In any case, firejail downloads from SourceForge were never an issue but use whatever works for you. It's temporary anyway as with Linux Mint 18 it will be in the repositories.
Is there a way to put the CL cmd
$ firejail --private --dns=8.8.8.8 --dns=8.8.4.4 firefox -no-remote
into the .profile? In /etc/firejail? Will it work from the menu editor? I would like to make it persistent and not have to launch from the terminal every time I go online for banking.
1) the Universe repository is enabled by default on Linux Mint
2) Linux Mint 17.x are based on Ubuntu 14.04 "trusty", which doesn't have firejail in its repositories
As I noted somewhere, Linux Mint 18 will have firejail in its repositories (Ubuntu added it to its repositories from 15.10) so you will be able to install it through Software Manager on that.
If you prefer to download the .deb file from Ubuntu and use that on Linux Mint go ahead. I take it they repackaged it; the .debian.tar.xz didn't look to have any significant difference from the official firejail source. I didn't mention this because, why? There is an official .deb file that you can download so why bother with the Ubuntu one. There is no benefit; unlike with LMDE 2 where you can add the Debian testing repo to install firejail, using the Ubuntu .deb file doesn't provide you with automatic updates. You'll still have to manually download updates. So why not just use the official package.
xenopeek wrote:... using the Ubuntu .deb file [from that repo?] doesn't provide you with automatic updates. You'll still have to manually download updates. So why not just use the official package.
Thanks, you guessed why I was asking about adding the repo. I thought doing it this way would give me automatic updates, and you're right, if it doesn't, then there would be no advantage.
Actually, I don't see the Universe repo, when looking at 'Additional Repositories' in synaptic, on my installation. I assume that's where it would be, if it were there? I take your word that it should be there, however, and I'm likely to blame for losing it during a misguided cleaning attempt, in the past.
I've been playing with firejail and found a few nuances. And before I get lectured - I have read the tutorial (several times) and have read the man pages (several times). One thing is if you edit the menu with the firejail command that will make it persistent, which is great, but it won't affect an already existing shortcut, say like on your desktop. The solution for me was to delete the shortcut and remake it from the menu after editing the command. In hindsight I guess that is an obvious behavior but it was puzzling at first.
The other thing that is not clear to me is blacklist/whitelist. I understand the concept well enough - I even worked with it extensively on another platform in another life actually. I just cannot see how to toggle that I want to blacklist everything as the default or whitelist everything by default so that I can blacklist/whitelist the exceptions. I see profiles with a line that starts with "noblacklist" then further down specific whitelist paths. This does not seem intuitive - why would I have to whitelist anything if there are noblacklist? On the other hand I see profiles that just show specific "blacklist" paths - so by default everything is whitelisted? And the opposite - profiles where only specific "whitelist" paths are defined. Does just simply defining one specific whitelist/blacklist path render by default everything else the opposite? - then why the noblacklist? I get the include disable profiles with the habitual blacklists, even the whitelist common profile. I just have not figured out how to whitelist/blacklist everything and be sure I am setting only the exceptions.
If none of this makes sense - no problem - I will figure it out eventually.
whitelist
- by default everything in your home directory is visible to the sandbox
- whitelist makes only the specific paths you whitelist visible to the sandbox; any files or directories created in your home directory outside of those paths are discarded after the sandbox closes
- whitelist is thus a way to say "dear program X, you can see and modify this part of my home directory, but everything else in my home directory I'll keep secret and if you write anything there I'll just toss it away once you are done"
blacklist
- makes the given path inaccessible; it can't be read from or written to (if it's a directory you can't see its content)
- has no relation to whitelist
noblacklist
- the default profiles use include (.inc) files with default blacklist rules
- for some programs you may need to make an exception to those defaults, which is what noblacklist does—disable blacklisting of a specific path
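The three rules above, worked through as an added example (not part of the original post and not firejail's own code): a small Python model that reads profile lines and classifies paths as blocked, hidden or visible. The home directory and profile are constructed, only the home directory is modelled, and two assumptions go beyond the post: noblacklist is matched on the exact path and only exempts blacklist lines that come after it.

```python
import os

HOME = "/home/alice"  # constructed home directory

# Constructed profile for illustration; not a profile shipped by firejail.
PROFILE = """\
noblacklist ${HOME}/.mozilla
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.ssh
blacklist ${HOME}/Downloads/private
whitelist ${HOME}/.mozilla
whitelist ${HOME}/Downloads
"""

def covers(rule, path):
    """True if path is the rule's path or lies below it."""
    return path == rule or path.startswith(rule + "/")

def parse(profile, home=HOME):
    """Return (blacklist, whitelist) after applying noblacklist exemptions."""
    exempt, black, white = set(), [], []
    for raw in profile.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        cmd, _, arg = line.partition(" ")
        path = os.path.normpath(arg.strip().replace("${HOME}", home))
        if cmd == "noblacklist":
            exempt.add(path)            # assumption: only affects lines below
        elif cmd == "blacklist" and path not in exempt:
            black.append(path)
        elif cmd == "whitelist":
            white.append(path)
    return black, white

def access(path, profile=PROFILE, home=HOME):
    """Classify a path as 'blocked', 'hidden' or 'visible'."""
    black, white = parse(profile, home)
    path = os.path.normpath(path)
    if any(covers(b, path) for b in black):
        return "blocked"                # blacklist is independent of whitelist
    in_home = path.startswith(home + "/")
    if white and in_home and not any(covers(w, path) for w in white):
        return "hidden"                 # not exposed; writes here are discarded
    return "visible"

if __name__ == "__main__":
    for p in (".mozilla/firefox", ".ssh/id_rsa", "Documents/tax.pdf",
              "Downloads/private/a", "Downloads/a.iso"):
        print(f"{p:22} {access(HOME + '/' + p)}")
```

With a profile that contains only blacklist lines, every other path stays visible; a single whitelist line is what turns the rest of the home directory into "hidden".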
THX X - I have been playing with firejail - I guess it is as much a toy as a tool - probably not quite the right way to put it but I enjoy tinkering with it.
One more question - if I install DNScrypt would it be OK to edit the firejail command to dns=127.0.0.2 or should I just remove it?
I tested DNScrypt with firejail dns=8.8.8.8; firejail dns=8.8.8.8 will override DNScrypt.
DNScrypt works fine when firejail dns=8.8.8.8 is removed.
I tried dns=127.0.0.2 and dns=176.56.237.171 but they fail to even launch the browser.
I was trying to get the combined benefits of both firejail and DNScrypt without going through a VPN.
xenopeek wrote:Linux Mint 18 will have firejail in its repositories
One year later, can somebody tell me which version of firejail one can actually find in the Mint 18 repositories? The current one (0.9.44.8)? The LTS one (0.9.38.10)? A different one?
(Looking for reasons to upgrade my Mint...)
Currently 0.9.38-1ubuntu0.1, which is essentially 0.9.38.1 with some added cherry-picked security fixes from later versions.
However, the process for getting the latest of the upstream Firejail LTS branch (0.9.38.10) into the official Ubuntu repo's for 16.04 Xenial (and therefore for Mint 18.x), has started: https://bugs.launchpad.net/ubuntu/xenia ... ug/1658824
It'll probably be a matter of days before the SRU Verification team of Ubuntu, will release 0.9.38.10 for Xenial (and Mint 18.x): the micro release has already been committed and verified.
for both installed and latest version. Firetools is 0.9.30-1, both installed and latest.
Since they have to be manually installed, which have I really got installed or, are they the same but the CL just didn't show the .10? Is my FJ quite up to date then?
xdicey wrote:I've been following the latest posts re firejail just to make sure my 17.2 Cinnamon is up to date.
Since they have to be manually installed, which have I really got installed or, are they the same but the CL just didn't show the .10? Is my FJ quite up to date then?
No. Firejail isn't in the repo's for Mint 17.x (Ubuntu 14.04), and never will be.... In Mint 17.x you have to install Firejail manually, and keep it updated manually as well.