How To Install Firejail and Run Unsecure Application On Linux
Firejail can solve your problems to install the unsecure application on Linux. If you want to install them. So, we can use the application in the Sandbox. This is the ability to run the application in a limited environment. This way we can run install and run unsecure applications in Linux using the Firejail sandbox.
Firejail Installation starts:
[[email protected] ~]# yum install git -y [[email protected] ~]# git clone https://github.com/netblue30/firejail.git [[email protected] ~]# mv firejail /opt/ [[email protected] ~]# cd /opt/firejail/ [[email protected] firejail]# ls
We need to configure the compiler and it will also look for GCC libraries and install them to run the application.
Check Out: Learn Cat Commands With Examples On CentOS 8
Start with the below commands and install them.
[[email protected] firejail]# ./configure [[email protected] firejail]# make -bash: make: command not found
If make command is not found, you can install it using yum install make -y
Installed: make-1:4.2.1-9.el8.x86_64 Complete!
Now run the make command. It will install Firejail configuration file.
[[email protected] firejail]# make
[[email protected] firejail]# make install-strip
[[email protected] ~]# firejail --version firejail version 0.9.63 Compile time support: - AppArmor support is disabled - AppImage support is enabled - chroot support is enabled - file and directory whitelisting support is enabled - file transfer support is enabled - firetunnel support is enabled - networking support is enabled - overlayfs support is enabled - private-home support is enabled - seccomp-bpf support is enabled - SELinux support is disabled - user namespace support is enabled - X11 sandboxing support is enabled
Start the Application with Firejail:
The next step is to run the application with Firejail using the below commands.
[[email protected] ~]# firejail firefox #Start firefox [[email protected] ~]# firejail vlc #Start videolan client
You can also list the sandboxes using firejail –list
Integration Firejail With Desktop:
You can integrate your sandbox to the desktop with Firejail using the below commands. This command will solve some shared memory/PID namespaces bugs in Pulse Audio software.
[[email protected] ~]# firecfg --fix-sound
The below command will integrate your sandbox to the desktop. you will have to logout and login again to get changes to reflect in Pulse Audio.
[[email protected] ~]# firecfg
Create Security Profiles:
We can find the profile for all supported applications. You must have noticed at the time of installation it has created a profile under /opt/firejail/etc.
You’re done linux sandbox firejail install