Lightweight Linux sandbox...

Discussion in 'sandboxing & virtualization' started by deBoetie, Feb 5, 2015.

  1. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,149
    Location:
    UK
    A plug in this section for the Unix thread:

    https://www.wilderssecurity.com/threads/firejail-linux-sandbox.369309

    This is about the program Firejail which provides an easy-to-use sandbox for Linux applications. It uses kernel functions including seccomp-bpf and chroot and has some out-of-the box profiles for Ice Weasel and Firefox. Chrome is already using some of these techniques, although Firejail gives more control (for example offering a private function which will delete everything). I've found it easy to run other programs like LibreOffice under it and there is scope for customizing profiles. My experience is that it's much easier than Apparmor, and reminds me in some ways of Sandboxie.

    For those who believe sandboxing isn't beneficial for Linux, reflect on Flash and Firefox....
     
Loading...