[HN Gopher] Firejail - Sandbox Linux Applications
___________________________________________________________________

Firejail - Sandbox Linux Applications

Author : thushanfernando
Score  : 24 points
Date   : 2020-11-10 21:39 UTC (1 hours ago)

(HTM) web link (github.com)
(TXT) w3m dump (github.com)

| pythux wrote:
| I have been using Firejail for a few years now and absolutely
| love it. It is now a central part of my setup and workflows. Here
| are two features I use regularly:
|
| - The "virtual home" specified with --private=/path/to/folder
| runs the app with the specified folder as a home folder. I use
| this for all the apps I sandbox to make sure my real home does
| not get polluted by tens of config files, cache, etc. Removing
| all traces of an app is now as easy as deleting /path/to/folder;
| I find this pretty neat to keep my home folder organized (each
| app gets its own home in ~/.sandboxes/<app name>).
|
| - Starting an app with --private (without any argument) will run
| it into a temporary/disposable home folder which will be cleaned
| up when the app is stopped. I use it to run some apps I don't
| really trust and don't need persistence for (e.g. I start Chrome
| with this option so that I get a fresh home, hence profile, every
| time I need it, same for Zoom when I need to join a meeting---not
| very often).
|
| And of course all the profiles that are built-in to customize the
| sandboxing to most popular apps are great!
|
| I'm really thankful for the work being done on this project.

| cameronperot wrote:
| I've used Firejail for years and can definitely recommend it! It
| has a lot of nifty features, e.g. network namespacing via the
| --net argument.

| qwerty456127 wrote:
| Can this provide application firewall kind of network control,
| like Little Snitch?

| neolog wrote:
| Sandboxing needs to happen by default for all applications,
| without additional work by users. It needs to be an OS-level
| feature.

| srgpqt wrote:
| Neat. On the server, we use bubblewrap, a similar tool
| (comparison with firejail is in bubblewrap readme)
|
| https://github.com/containers/bubblewrap
___________________________________________________________________
(page generated 2020-11-10 23:01 UTC)
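
The per-app home layout pythux describes in the thread above (a persistent `--private=DIR` home under `~/.sandboxes/<app name>`, or a disposable bare `--private`), as an added shell example that is not part of the original thread or of the Firejail project. `SANDBOX_ROOT` and every function name are assumptions made for this sketch; only the two `--private` forms come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. SANDBOX_ROOT and all function
# names are assumptions; only --private / --private=DIR are Firejail's.
SANDBOX_ROOT="${SANDBOX_ROOT:-$HOME/.sandboxes}"

# Accept only plain names, so <app> can never escape SANDBOX_ROOT
# or be parsed as an option.
valid_app_name() {
    case "$1" in
        ''|.|..|-*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Print the firejail option selecting the home directory for one run.
#   keep <app>: persistent home in SANDBOX_ROOT/<app>, mode 0700
#   tmp  <app>: bare --private, a disposable home dropped on exit
private_arg() {
    mode=$1; app=$2
    valid_app_name "$app" || { echo "invalid app name: $app" >&2; return 2; }
    case "$mode" in
        tmp)
            printf '%s\n' '--private' ;;
        keep)
            dir="$SANDBOX_ROOT/$app"
            # A symlink here would hand the app some other directory as home.
            if [ -L "$dir" ]; then
                echo "refusing symlinked home: $dir" >&2; return 3
            fi
            mkdir -p "$dir" && chmod 700 "$dir" || return 1
            printf '%s\n' "--private=$dir" ;;
        *)
            echo "mode must be keep or tmp" >&2; return 2 ;;
    esac
}

# Usage: sandbox_run keep firefox [args...]   or   sandbox_run tmp zoom
sandbox_run() {
    mode=$1; app=$2; shift 2
    opt=$(private_arg "$mode" "$app") || return
    firejail "$opt" "$app" "$@"
}

# Delete a persistent home, removing every trace the app left behind.
sandbox_purge() {
    valid_app_name "$1" || return 2
    rm -rf -- "${SANDBOX_ROOT:?}/$1"
}
```

Sourcing the file defines the functions without launching anything; `sandbox_run` is the only one that needs `firejail` on the PATH.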