How To Install Firejail and Run Unsecure Application On Linux
Firejail can solve your problems to install the unsecure application on Linux. If you want to install them. So, we can use the application in the Sandbox. This is the ability to run the application in a limited environment. This way we can run install and run unsecure applications in Linux using the Firejail sandbox.
Firejail Installation starts:
[root@example ~]# yum install git -y [root@example ~]# git clone https://github.com/netblue30/firejail.git [root@example ~]# mv firejail /opt/ [root@example ~]# cd /opt/firejail/ [root@example firejail]# ls
We need to configure the compiler and it will also look for GCC libraries and install them to run the application.
Check Out: Learn Cat Commands With Examples On CentOS 8
Start with the below commands and install them.
[root@example firejail]# ./configure [root@example firejail]# make -bash: make: command not found
If make command is not found, you can install it using yum install make -y
Installed: make-1:4.2.1-9.el8.x86_64 Complete!
Now run the make command. It will install Firejail configuration file.
[root@example firejail]# make
[root@example firejail]# make install-strip
[root@example ~]# firejail --version firejail version 0.9.63 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled
Start the Application with Firejail:
The next step is to run the application with Firejail using the below commands.
[root@example ~]# firejail firefox #Start firefox [root@example ~]# firejail vlc #Start videolan client
You can also list the sandboxes using firejail –list
Integration Firejail With Desktop:
You can integrate your sandbox to the desktop with Firejail using the below commands. This command will solve some shared memory/PID namespaces bugs in Pulse Audio software.
[root@example ~]# firecfg --fix-sound
The below command will integrate your sandbox to the desktop. you will have to logout and login again to get changes to reflect in Pulse Audio.
[root@example ~]# firecfg
Create Security Profiles:
We can find the profile for all supported applications. You must have noticed at the time of installation it has created a profile under /opt/firejail/etc.
You’re done linux sandbox firejail install