Page 1 of 1

Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Posted: Sat May 06, 2017 2:16 pm
by InChrist
I am a newbie on Linux. Do you also recommend this to me?

HP-ProBook-470-G3 Kernel: 4.4.0-53-generic x86_64
Cinnamon 3.2.7, Linux Mint 18.1

Re: Firejail as security sandbox for your programs

Posted: Sat May 06, 2017 5:18 pm
by Lemongrass38
Why not? This can't do much harm to you.
You just have to get used to using the Downloads folder for downloading. The rest will be blocked by firejail.

Re: Can I use Chrome, Zoom, Teamviewer

Posted: Sun May 07, 2017 4:36 am
by xenopeek
I'm unclear as to what the question has to do with a tutorial on using Firejail. Hence I split the posts from the tutorial and moved them here.

Re: Can I use Chrome, Zoom, Teamviewer

Posted: Sun May 07, 2017 5:42 am
by Moem
I believe that 'this' in the sentence 'Do you also recommend this to me?' refers to FireJail.

Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Posted: Sun May 07, 2017 6:08 am
by InChrist
Yes, I wanted to know if I can easily use Zoom, Teamviewer, Chrome with Firejail.

Also I am interested if I really need Firejail if I am not playing around.

I only use programs the mint software source 1 and 2 stable.

Plus Chrome, Google eartth, Zoom, Teamviewer or maybe other external programs where I will ask about security in this mint forum before deciding whether to install one.

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Posted: Sun May 07, 2017 6:13 am
by Pjotr
Besides the excellent tutorial from xenopeek, you might find it interesting to read my explanation of Firejail as well:
https://sites.google.com/site/easylinux ... ct/sandbox

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Posted: Sun May 07, 2017 12:02 pm
by xenopeek
InChrist wrote:Yes, I wanted to know if I can easily use Zoom, Teamviewer, Chrome with Firejail.

Also I am interested if I really need Firejail if I am not playing around.

I only use programs the mint software source 1 and 2 stable.

Plus Chrome, Google eartth, Zoom, Teamviewer or maybe other external programs where I will ask about security in this mint forum before deciding whether to install one.
It sounds as if you haven't fully grasped what Firejail is intended to protect you from or indeed what the risks are of using programs that directly or indirectly access untrusted files.

Examples of programs that directly access untrusted files are web browsers, chat programs, instant messengers, email clients, ftp clients, feed readers, podcast clients, twitch clients, or you name it any other program that doesn't work when you disconnect your computer from the Internet :wink: While your program may be trusted you should err on the side of caution and assume it will have bugs. Some of those bugs may be exploitable by malicious content. For example a bug in the image handler could be triggered by a specially crafted image file. When you visit a website that shows this image it could let to some code being executed on your computer that does something bad. Firejail limits what access your program has to your computer so the impact of such attacks is limited. Regardless of what you do on your computer, if you're using programs connected to the Internet you are at risk. Whether you consider that risk large enough to do something about it is up to you.

Similarly the above goes for programs that don't connect to the Internet. A likely example is downloading a PDF file and opening it with your PDF viewer. The PDF viewer doesn't access the Internet but in this way it does indirectly access untrusted files. Again, a specially crafted PDF file could exploit a bug in the PDF reader to have it execute some code that does bad things on your computer. Hence programs that don't connect to the Internet but do read files downloaded from the Internet can also benefit from using Firejail on them—it limits exposure to risks.

The examples you give are for closed source programs. In general I prefer to run closed source programs in Firejail for the additional reason that nobody but the program's authors can fix security issues. Nor can anybody see what shenanigans the program's authors were up to. Did they include a backdoor in their program? Is it gathering data about you and sending it home? While Firejail can't protect you from all of these threats it can at least ensure programs have limited access to the files on your computer (depends on the Firejail profile for the program what directories and files the program can and can't access).

Re: Firejail needed / able to handle Chrome, Zoom, Teamviewer, rebvoice?

Posted: Sun May 07, 2017 7:52 pm
by jimallyn
By default, firejail 0.9.44.10-1 comes with profiles for the following applications:

Code: Select all

0ad
7z
abrowser
atom-beta
atom
atril
audacious
audacity
aweather
bitlbee
brave
cherrytree
chromium-browser
chromium
claws-mail
clementine
cmus
conkeror
corebird
cpio
cyberfox
Cyberfox
deadbeef
default
deluge
dillo
disable-common.inc
disable-devel.inc
disable-passwdmgr.inc
disable-programs.inc
dnscrypt-proxy
dnsmasq
dosbox
dropbox
emacs
empathy
eog
eom
epiphany
evince
evolution
fbreader
feh
file
filezilla
firefox-esr
firefox
firejail.config
flashpeak-slimjet
flowblade
franz
gajim
gimp
git
gitter
gnome-chess
gnome-mplayer
google-chrome-beta
google-chrome
google-chrome-stable
google-chrome-unstable
google-play-music-desktop-player
gpredict
gtar
gthumb
gwenview
gzip
hedgewars
hexchat
icecat
icedove
iceweasel
inkscape
inox
jitsi
keepass
keepassx
kmail
konversation
less
libreoffice
localc
lodraw
loffice
lofromtemplate
login.users
loimpress
lomath
loweb
lowriter
luminance-hdr
lxterminal
mathematica
Mathematica
mcabber
midori
mpv
mupdf
mupen64plus
mutt
netsurf
nolocal.net
okular
openbox
openshot
opera-beta
opera
palemoon
parole
pidgin
pix
polari
psi-plus
qbittorrent
qpdfview
qtox
quassel
quiterss
qutebrowser
ranger
rhythmbox
rtorrent
seamonkey-bin
seamonkey
server
skypeforlinux
skype
slack
snap
soffice
spotify
ssh
steam
stellarium
strings
synfigstudio
tar
telegram
Telegram
thunderbird
totem
transmission-gtk
transmission-qt
uget-gtk
unbound
unrar
unzip
uudeview
vim
virtualbox
vivaldi-beta
vivaldi
vlc
warzone2100
webserver.net
weechat-curses
weechat
wesnoth
whitelist-common.inc
wine
xchat
xpdf
xplayer
xreader
xviewer
xzdec
xz
zathura
I haven't done it yet, but I understand it is not difficult to create profiles for other applications.