FireJail - Linux sandbox

Discussion in 'all things UNIX' started by Gitmo East, Oct 16, 2014.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    805
    I don't know as I haven't checked how the configure file in that *.tar.xz file looks like. If it contains a line

    ac_default_prefix=/usr/local

    we've found the culprit.
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,025
    Location:
    Canada
    just checked in gedit and yes, it's in there.
     
  3. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,025
    Location:
    Canada
    BTW @summerheat,

    this discussion with you has been beneficial in other ways. After exploring through some of the firejail profiles, it occurred to me that I could simply put my options in the profile, rather than creating a separate launcher for them :oops: So now in the chromium.profile I've added:

    Code:
    caps.keep sys_chroot,sys_admin 
    x11 xorg
    nonewprivs
    ...and deleted the custom launcher. I also generated symlinks with your suggestion: sudo firecfg

    Thanks for your help :thumb:
     
  4. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    805
    You're very welcome! I'm glad that I could help you.
     
  5. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    805
    That script works well but can be simplified by using git pull which fetches only changes from the git repository which makes the download size much smaller.

    So this is what I recommend:

    If you're installing the git branch of Firejail for the first time use this script:
    Code:
    cd ~
    rm -rf ~/firejail
    git clone https://github.com/netblue30/firejail.git
    cd firejail
    ./configure --prefix=/usr
    make
    sudo make install
    From now on use this script in order to update Firejail:
    Code:
    cd ~/firejail
    git pull
    ./configure --prefix=/usr
    make
    sudo make install
    
    Works well for me.
     
  6. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    2,025
    Location:
    Canada
    Thanks summerheat! Will this script still work even if I installed firejail using one of the tar.xz archives from sourceforge?
     
  7. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    805
    Well, the ~/firejail diretory must exist and it must be identical with the one created by git clone. I don't know if that's the case.
     
  8. SuperSapien

    SuperSapien Registered Member

    Joined:
    Apr 9, 2015
    Posts:
    142
    Is Firejail compatible with the Slimjet browser and Kodi Player?
     
  9. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    805
    Firejail doesn't come with ready-to-use profiles for those applications. So you have to create your own ones which shouldn't be too difficult. See also this site for whitelisted profiles.
     
Loading...