How to Sandbox Non-trusted Apps in Linux Systems


Sometimes we ought to run a utility that we do no longer accept as true with, however, we’re afraid that it might have a look at or delete our non-public statistics, on account that despite the fact that Linux structures are less at risk of malware, they’re not absolutely immune. Maybe you need to get admission to a shady-sounding internet site. Or possibly you want to get the right of entry to your financial institution account, or another site dealing with touchy personal information. You might accept it as true with the website, but do now not accept it as true with the accessories or extensions established on your browser.

In every one of the above instances, sandboxing is useful. The concept is to restrict the non-relied utility in an isolated container -a sandbox– so that it does now not have to get right of entry to our non-public statistics, or the alternative programs on our machine. At the same time as there may be software known as Sandboxie that does what we need, it’s far the handiest available for Microsoft windows. But Linux customers need no longer fear since we’ve Firejail for the job.

So without similarly ado, let us see a way to install Firejail on a Linux device and use it to sandbox apps in Linux:

Install Firejail

If you are using Debian, Ubuntu, or Linux Mint, open up the Terminal, and enter the subsequent command:

[sourcecode]sudo apt set up firejail[/sourcecode]

Input your account password, and press enter. In case you are requested for an affirmation, kind y, and press enter once more.

If you are using Fedora, or any other RedHat-based distribution, just update apt with yum. The rest of the commands remain the same:

[sourcecode]sudo yum deploy firejail[/sourcecode]

You’re now geared up to run Firejail.

Elective: set up the Graphical Interface
You could choose to install the respectable graphical front-end for Firejail known as Firetools. It isn’t always to be had inside the legitimate repositories, so we will manually install it.

1. Download the setup file to your gadget. Debian, Ubuntu, and Mint users must download the document finishing with.Deb. I’m on a sixty-four-bit Mint setup, so I selected firetools_0.9.40.1_1_amd64.deb.

2. After the download is complete, open the Terminal, and navigate to your Downloads folder by running cd ~/Downloads.

3. Now install the Firetools package by running the command sudo dpkg -i firetools*.deb.

4. Enter your password, hit Enter, and you’re done.

Basic Usage

In a Terminal, write firejail, followed via the command that you need to run. As an instance, to run Firefox:

[sourcecode]firejail firefox[/sourcecode]

Make certain to shut all Firefox windows first. If you don’t, it’s going to just open a new tab or window inside the modern consultation – negating any safety gain you would get from Firejail.

In addition, for Google Chrome:

[sourcecode]firejail google-chrome[/sourcecode]

Going for walks instructions like this gives the software get right of entry to just a few wanted configuration directories, and your Downloads folder. Get right of entry to the rest of the document gadget, and the alternative directories in your house folder are restricted. This may be verified via trying to get admission to my home folder from Chrome:

chrome restricted

As you could see, a maximum of my folders, together with images, files, and others aren’t on hand from the sandboxed chrome. If I nevertheless attempt to get entry to them via editing the URL, I will get a record now not discovered mistakes:

chrome acces denied

Every so often, you would possibly need more regulations, as an example, you may need to use a totally clean browser profile without a records, and no add-ons. Allow’s say you don’t need your web browser to get admission to your Downloads folder either. For that, we will use the private option. Run the utility as follows:

[sourcecode]firejail google-chrome –personal[/sourcecode]

This approach absolutely restricts the application – it constantly begins in a clean nation, and cannot even create or down load any new files.

Run Doubtful Applications Securely On Linux With Firejail

That is it from our side when it comes to sandboxing non-relied on apps in Linux with Firejail. If you want to research more approximately the advanced sandboxing options that Firejail offers, check the official documentation. What do you use Firejail for? Has it saved you from malicious applications or websites? Make certain to allow us to realize by dropping us a line inside the remarks section underneath.

How to Delete Your Digital Footprint in Seconds

Click to rate this post!
[Total: 0 Average: 0]

Like it? Share with your friends!



Your email address will not be published. Required fields are marked *