Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Questions about the project and the distribution - obviously no support questions here please
InChrist
Level 3
Level 3
Posts: 144
Joined: Wed Apr 12, 2017 4:17 pm
Contact:

Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Postby InChrist » Sat May 06, 2017 2:16 pm

I am a newbie on Linux. Do you also recommend this to me?

HP-ProBook-470-G3 Kernel: 4.4.0-53-generic x86_64
Cinnamon 3.2.7, Linux Mint 18.1
Last edited by InChrist on Sun May 07, 2017 6:10 am, edited 3 times in total.
I would be happy to receive competent clear help.

Newbie on Linux.
No terminal use strongy preferred right now if any other helpful solution.
HP-ProBook-470-G3 Kernel: 4.8.0-53-generic x86_64
Cinnamon 3.4.3, Linux Mint 18.2 64-bit

Lemongrass38
Level 4
Level 4
Posts: 344
Joined: Mon Dec 12, 2016 11:29 pm
Location: Central Europe

Re: Firejail as security sandbox for your programs

Postby Lemongrass38 » Sat May 06, 2017 5:18 pm

Why not? This can't do much harm to you.
You just have to get used to using the Downloads folder for downloading. The rest will be blocked by firejail.
If your issue is solved, please be so kind and indicate that by editing the topic title in the first post. :)

User avatar
xenopeek
Level 24
Level 24
Posts: 21379
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Can I use Chrome, Zoom, Teamviewer

Postby xenopeek » Sun May 07, 2017 4:36 am

I'm unclear as to what the question has to do with a tutorial on using Firejail. Hence I split the posts from the tutorial and moved them here.
Image

User avatar
Moem
Level 11
Level 11
Posts: 3693
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: Can I use Chrome, Zoom, Teamviewer

Postby Moem » Sun May 07, 2017 5:42 am

I believe that 'this' in the sentence 'Do you also recommend this to me?' refers to FireJail.
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!

InChrist
Level 3
Level 3
Posts: 144
Joined: Wed Apr 12, 2017 4:17 pm
Contact:

Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Postby InChrist » Sun May 07, 2017 6:08 am

Yes, I wanted to know if I can easily use Zoom, Teamviewer, Chrome with Firejail.

Also I am interested if I really need Firejail if I am not playing around.

I only use programs the mint software source 1 and 2 stable.

Plus Chrome, Google eartth, Zoom, Teamviewer or maybe other external programs where I will ask about security in this mint forum before deciding whether to install one.
Last edited by killer de bug on Mon May 08, 2017 4:07 am, edited 1 time in total.
Reason: removed useless and out of subject link
I would be happy to receive competent clear help.

Newbie on Linux.
No terminal use strongy preferred right now if any other helpful solution.
HP-ProBook-470-G3 Kernel: 4.8.0-53-generic x86_64
Cinnamon 3.4.3, Linux Mint 18.2 64-bit

User avatar
Pjotr
Level 18
Level 18
Posts: 8845
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Postby Pjotr » Sun May 07, 2017 6:13 am

Besides the excellent tutorial from xenopeek, you might find it interesting to read my explanation of Firejail as well:
https://sites.google.com/site/easylinux ... ct/sandbox
Tip: 10 things to do after installing Linux Mint 18.2 Sonya
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.

User avatar
xenopeek
Level 24
Level 24
Posts: 21379
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Postby xenopeek » Sun May 07, 2017 12:02 pm

InChrist wrote:Yes, I wanted to know if I can easily use Zoom, Teamviewer, Chrome with Firejail.

Also I am interested if I really need Firejail if I am not playing around.

I only use programs the mint software source 1 and 2 stable.

Plus Chrome, Google eartth, Zoom, Teamviewer or maybe other external programs where I will ask about security in this mint forum before deciding whether to install one.

It sounds as if you haven't fully grasped what Firejail is intended to protect you from or indeed what the risks are of using programs that directly or indirectly access untrusted files.

Examples of programs that directly access untrusted files are web browsers, chat programs, instant messengers, email clients, ftp clients, feed readers, podcast clients, twitch clients, or you name it any other program that doesn't work when you disconnect your computer from the Internet :wink: While your program may be trusted you should err on the side of caution and assume it will have bugs. Some of those bugs may be exploitable by malicious content. For example a bug in the image handler could be triggered by a specially crafted image file. When you visit a website that shows this image it could let to some code being executed on your computer that does something bad. Firejail limits what access your program has to your computer so the impact of such attacks is limited. Regardless of what you do on your computer, if you're using programs connected to the Internet you are at risk. Whether you consider that risk large enough to do something about it is up to you.

Similarly the above goes for programs that don't connect to the Internet. A likely example is downloading a PDF file and opening it with your PDF viewer. The PDF viewer doesn't access the Internet but in this way it does indirectly access untrusted files. Again, a specially crafted PDF file could exploit a bug in the PDF reader to have it execute some code that does bad things on your computer. Hence programs that don't connect to the Internet but do read files downloaded from the Internet can also benefit from using Firejail on them—it limits exposure to risks.

The examples you give are for closed source programs. In general I prefer to run closed source programs in Firejail for the additional reason that nobody but the program's authors can fix security issues. Nor can anybody see what shenanigans the program's authors were up to. Did they include a backdoor in their program? Is it gathering data about you and sending it home? While Firejail can't protect you from all of these threats it can at least ensure programs have limited access to the files on your computer (depends on the Firejail profile for the program what directories and files the program can and can't access).
Image

User avatar
jimallyn
Level 16
Level 16
Posts: 6695
Joined: Thu Jun 05, 2014 7:34 pm
Location: Wenatchee, WA USA

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Postby jimallyn » Sun May 07, 2017 7:52 pm

By default, firejail 0.9.44.10-1 comes with profiles for the following applications:

Code: Select all

0ad
7z
abrowser
atom-beta
atom
atril
audacious
audacity
aweather
bitlbee
brave
cherrytree
chromium-browser
chromium
claws-mail
clementine
cmus
conkeror
corebird
cpio
cyberfox
Cyberfox
deadbeef
default
deluge
dillo
disable-common.inc
disable-devel.inc
disable-passwdmgr.inc
disable-programs.inc
dnscrypt-proxy
dnsmasq
dosbox
dropbox
emacs
empathy
eog
eom
epiphany
evince
evolution
fbreader
feh
file
filezilla
firefox-esr
firefox
firejail.config
flashpeak-slimjet
flowblade
franz
gajim
gimp
git
gitter
gnome-chess
gnome-mplayer
google-chrome-beta
google-chrome
google-chrome-stable
google-chrome-unstable
google-play-music-desktop-player
gpredict
gtar
gthumb
gwenview
gzip
hedgewars
hexchat
icecat
icedove
iceweasel
inkscape
inox
jitsi
keepass
keepassx
kmail
konversation
less
libreoffice
localc
lodraw
loffice
lofromtemplate
login.users
loimpress
lomath
loweb
lowriter
luminance-hdr
lxterminal
mathematica
Mathematica
mcabber
midori
mpv
mupdf
mupen64plus
mutt
netsurf
nolocal.net
okular
openbox
openshot
opera-beta
opera
palemoon
parole
pidgin
pix
polari
psi-plus
qbittorrent
qpdfview
qtox
quassel
quiterss
qutebrowser
ranger
rhythmbox
rtorrent
seamonkey-bin
seamonkey
server
skypeforlinux
skype
slack
snap
soffice
spotify
ssh
steam
stellarium
strings
synfigstudio
tar
telegram
Telegram
thunderbird
totem
transmission-gtk
transmission-qt
uget-gtk
unbound
unrar
unzip
uudeview
vim
virtualbox
vivaldi-beta
vivaldi
vlc
warzone2100
webserver.net
weechat-curses
weechat
wesnoth
whitelist-common.inc
wine
xchat
xpdf
xplayer
xreader
xviewer
xzdec
xz
zathura


I haven't done it yet, but I understand it is not difficult to create profiles for other applications.
Image

“If the government were coming for your TVs and cars, then you'd be upset. But, as it is, they're only coming for your sons.” - Daniel Berrigan


Return to “Non-technical Questions”