The Geek Diary

firejail Command Examples in Linux

by Deepika

Firejail is a security tool that allows you to run processes in a sandbox environment using Linux’s built-in namespace and cgroups capabilities. Essentially, it creates a “jail” or isolated environment for a process to run in, which limits its access to the host system and other processes. This can help prevent malicious or compromised processes from escaping the jail and causing damage to the host system or other processes.

Firejail uses a number of different features to create the jail and restrict the process’s access. These include:

  • Namespaces: Firejail uses Linux’s namespace feature to isolate the process from the host system’s environment. This includes isolating the process’s view of the file system, network, and other resources.
  • Seccomp: Firejail uses the seccomp (secure computing mode) feature to restrict the system calls that the process is allowed to make. This can help prevent the process from making dangerous or unauthorized system calls.
  • AppArmor and SELinux: Firejail can also use AppArmor and SELinux (mandatory access control systems) to further restrict the process’s access to the host system.
  • cgroups: Firejail uses cgroups (control groups) to limit the resources that the process can access, such as CPU and memory usage.

firejail Command Examples

1. Integrate firejail with your desktop environment:

# firecfg

2. Open a restricted Mozilla Firefox:

$ firejail firefox

3. Start a restricted Apache server on a known interface and address:

# firejail --net=eth0 --ip=192.168.1.244 /etc/init.d/apache2 start

4. List running sandboxes:

# firejail --list

5. List network activity from running sandboxes:

# firejail --netstats

6. Shut down a running sandbox, identified by its PID:

# firejail --shutdown=7777
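
The seccomp and privilege restrictions described above are recorded by the kernel in /proc/<pid>/status, so they can be checked for a process running inside a sandbox. The shell function below is an added example, not part of the original article or of the firejail project: it reads the Seccomp, NoNewPrivs and CapEff fields and reports whether each restriction is in effect. The function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: read a /proc/<pid>/status file on stdin and report the
# confinement the kernel records for that process.
# audit_status, sample_confined and sample_unconfined are hypothetical names.

audit_status() {
    seccomp='' nnp='' capeff='' rc=0
    while read -r key val rest; do
        case $key in
            Seccomp:)    seccomp=$val ;;
            NoNewPrivs:) nnp=$val ;;
            CapEff:)     capeff=$val ;;
        esac
    done
    case $seccomp in
        2) echo "seccomp: filter installed" ;;
        1) echo "seccomp: strict mode" ;;
        *) echo "seccomp: OFF"; rc=1 ;;
    esac
    if [ "$nnp" = 1 ]; then
        echo "no_new_privs: set"
    else
        echo "no_new_privs: NOT set"; rc=1
    fi
    # An all-zero mask means no effective capabilities. Ordinary users
    # start with none, so this matters for sandboxes started as root.
    case $capeff in
        ''|*[!0]*) echo "capabilities: CapEff=${capeff:-unknown}"; rc=1 ;;
        *)         echo "capabilities: none effective" ;;
    esac
    return "$rc"
}

# Constructed status excerpts, not captured from a real system.
sample_confined() {
    printf 'Name:\tfirefox\nCapEff:\t0000000000000000\nNoNewPrivs:\t1\nSeccomp:\t2\n'
}
sample_unconfined() {
    printf 'Name:\tapache2\nCapEff:\t000001ffffffffff\nNoNewPrivs:\t0\nSeccomp:\t0\n'
}

# Demo on the samples. On a live host: audit_status < /proc/<pid>/status
for s in sample_confined sample_unconfined; do
    echo "== $s"
    "$s" | audit_status || echo "=> weaker than expected"
done
```

Which of the three restrictions a given sandbox applies depends on the profile and options it was started with, so a non-zero return is a prompt to review them rather than proof of a fault.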

Filed Under: Linux

© 2023 · The Geek Diary
