• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • VCS
  • Interview Questions
  • Database
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

firejail Command Examples in Linux

by Deepika

Firejail is a security tool that allows you to run processes in a sandbox environment using Linux’s built-in namespace and cgroups capabilities. Essentially, it creates a “jail” or isolated environment for a process to run in, which limits its access to the host system and other processes. This can help prevent malicious or compromised processes from escaping the jail and causing damage to the host system or other processes.

Firejail uses a number of different features to create the jail and restrict the process’s access. These include:

  • Namespaces: Firejail uses Linux’s namespace feature to isolate the process from the host system’s environment. This includes isolating the process’s view of the file system, network, and other resources.
  • Seccomp: Firejail uses the seccomp (secure computing mode) feature to restrict the system calls that the process is allowed to make. This can help prevent the process from making dangerous or unauthorized system calls.
  • Apparmor and SELinux: Firejail can also use Apparmor and SELinux (mandatory access control systems) to further restrict the process’s access to the host system.
  • cgroups: Firejail uses cgroups (control groups) to limit the resources that the process can access, such as CPU and memory usage.

firejail Command Examples

1. Integrate firejail with your desktop environment:

# firecfg

2. Open a restricted Mozilla Firefox:

# firejail firefox

3. Start a restricted Apache server on a known interface and address:

# firejail --net=eth0 --ip=192.168.1.244 /etc/init.d/apache2 start

4. List running sandboxes:

# firejail --list

5. List network activity from running sandboxes:

# firejail --netstats

6. Shutdown a running sandbox:

# firejail --shutdown=7777

Filed Under: Linux

Some more articles you might also be interested in …

  1. k8sec Command Examples
  2. ceph: command not found
  3. jmtpfs Command Examples
  4. fc: Open the most recent command and edit it
  5. pdfxup: command not found
  6. ect: Efficient Compression Tool
  7. extundelete: command not found
  8. ansible-doc – Display information on modules installed in Ansible libraries
  9. Yum Fails with “Error: database disk image is malformed” in /var/log/messages
  10. Linux OS Service ‘microcode_ctl’

You May Also Like

Primary Sidebar

Recent Posts

  • Vanilla OS 2 Released: A New Era for Linux Enthusiasts
  • mk Command Examples
  • mixxx Command Examples
  • mix Command Examples

© 2025 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright