Page MenuHomeSolus

Firejail
Closed, ResolvedPublic

Description

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities.

https://github.com/netblue30/firejail

Event Timeline

tanasinn created this task.Aug 3 2016, 12:04 PM
JoshStrobl triaged this task as Normal priority.Aug 3 2016, 12:06 PM
JoshStrobl added a subscriber: JoshStrobl.

Questionable whether we really need this in Solus or not. You shouldn't be running untrusted applications on Solus in the first place and we wouldn't be providing via the repo "untrusted applications".

JoshStrobl renamed this task from Package Request: Firejail to Firejail.Aug 3 2016, 12:07 PM

I was thinking more of being able to run e.g. the browser in Firejail (not as a default of course) to limit the impact of browser exploits etc.

In T4#69, @tanasinn wrote:

I was thinking more of being able to run e.g. the browser in Firejail (not as a default of course) to limit the impact of browser exploits etc.

Browser exploits from what exactly? Chrome does per-process isolation and sandboxing and any "exploits" would be CVEs, which already get addressed.

It would act more as a protection against zero-day vulnerabilities, and would have e.g. helped against this Firefox bug due to only letting Firefox access a few select folders.

Here is another example:
https://l3net.wordpress.com/2016/01/20/firejail-target-practice-cve-2016-0728/

But yeah, I guess the general interest in this package would be pretty low so those interested can just compile it themselves.

We released that Firefox update within moments of the Firefox release going public on Mozila's infra:
https://git.solus-project.com/packages/firefox/tag/?h=firefox-39.0.3-23

DataDrake closed this task as Wontfix.Oct 28 2016, 7:29 PM
DataDrake claimed this task.
DataDrake closed subtask T660: firejail as Wontfix.
ikey changed the task status from Wontfix to Resolved.Nov 27 2016, 7:15 PM
ikey claimed this task.
ikey closed subtask T660: firejail as Resolved.
ikey added a subscriber: DataDrake.

Commandeered and resolved.