I searched on software.opensuse.org but didn’t find Firejail.
Is there way to install Firejail ?
I searched on software.opensuse.org but didn’t find Firejail.
Is there way to install Firejail ?
Hi
it’s there;
https://software.opensuse.org/package/firejail
No development release for openSUSE Leap 15 (It’s released for tumbleweed).
I would review the derived packages link (Top right) here to pick a community/home repo;
Or ask the above repository maintainers to enable the openSUSE Leap build repository.
Just out of curiosity, how is firejail any different than apparmor?
Both serve the same purpose right?
Operius.
I haven’t looked at firejail in a long time.
Re-reading its description,
One of Firejail’s main features is to sandbox a running application, which isn’t one of the things Apparmor does.
I’m not clear the type of sandbox Firejail creates, only noting that the process of setting up the sandbox requires root permissions at first, then those permissions are dropped when the sandbox is actually used. One possible way is its use of namespaces, but I hope is more than that.
Once the sandbox is created, an app is assigned and runs within the sandbox.
According to the Firejail documentation, there are two main types of apps, those which run with escalated permissions and those which do not. But, Firejail applies its own profiles that further restrict and manage the permissions of the app running in the sandbox (optionally in conjuction with Apparmor)to ensure well behaving apps.
So,
It appears that Firejail can operate independently of Apparmor and SElinux or in conjuction with Apparmor.
TSU
According to the Firejail download page,
If not available as a distro package,
You can download their own packages.
https://firejail.wordpress.com/download-2/
https://sourceforge.net/projects/firejail/files/firejail/
I noticed the RPM packages don’t seem to be specific to any distro, but YMMV. Documentation suggests there are practically no dependencies.
Alternative is that the source code is available on both Sourceforge and Github.
You can clone the github project and compile yourself (simple couple of steps).
https://github.com/netblue30/firejail
TSU
For whatever my user experiences are worth: I was inspired by this thread to install Firejail from the Tumbleweed repositories (but didn’t see it in Leap 15). I had to tinker with permissions to get it to work, but my limited experimentation since suggests that it now works as advertised. I followed some of the tips under Profile Whitelisting and Blacklisting at https://www.addictivetips.com/ubuntu-linux-tips/set-up-firejail-on-linux/
I just installed Firejail from the Tumbleweed repos but its not working.
~> firejail firfox
bash: /usr/bin/firejail: Permission denied
~> firejail
bash: /usr/bin/firejail: Permission denied
> inxi -Fxz
Resuming in non X mode: glxinfo not found. For package install advice run: inxi --recommends
System: Host: linux-zjjg Kernel: 4.12.14-lp150.12.22-default x86_64
bits: 64 gcc: 7.3.1
Desktop: Gnome 3.26.2 (Gtk 3.22.30) Distro: openSUSE Leap 15.0
Machine: Device: desktop Mobo: ASUSTeK model: H110M-CS v: Rev X.0x serial: N/A
UEFI: American Megatrends v: 3016 date: 12/27/2016
CPU: Dual core Intel Core i3-6100 (-HT-MCP-)
arch: Skylake-S rev.3 cache: 3072 KB
flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx) bmips: 14784
clock speeds: max: 3700 MHz 1: 3700 MHz 2: 3700 MHz 3: 3700 MHz
4: 3700 MHz
Graphics: Card: Intel HD Graphics 530 bus-ID: 00:02.0
Display Server: wayland (X.org 1.19.6 ) driver: i915
tty size: 80x24
Audio: Card Intel Sunrise Point-H HD Audio
driver: snd_hda_intel bus-ID: 00:1f.3
Sound: ALSA v: k4.12.14-lp150.12.22-default
Network: Card: Realtek RTL8111/8168/8411 PCIE Gigabit Ethernet Controller
driver: r8169 v: 2.3LK-NAPI port: e000 bus-ID: 02:00.0
IF: eth0 state: up speed: 10 Mbps duplex: full mac: <filter>
Drives: HDD Total Size: 120.0GB (11.7% used)
ID-1: /dev/sda model: Samsung_SSD_750 size: 120.0GB
Partition: ID-1: / size: 29G used: 5.2G (19%) fs: ext4 dev: /dev/sda2
ID-2: /home size: 79G used: 8.0G (11%) fs: ext4 dev: /dev/sda3
Sensors: None detected - is lm-sensors installed and configured?
Info: Processes: 207 Uptime: 0:28 Memory: 1482.3/3804.4MB
Init: systemd runlevel: 5 Gcc sys: N/A
Client: Shell (bash 4.4.231) inxi: 2.3.40
~> zypper se -i firejail
Loading repository data...
Reading installed packages...
S | Name | Summary | Type
---+----------+---------------------------------+--------
i+ | firejail | Linux namepaces sandbox program | package
Any ideas ?
Permission denied indicates a permissions problem. So what are the permissions on the file??
One idea: Do not ever mix packages from different distro versions. Lately I see more people doing this, and the only thing I’ll say about it is that it’s one of the methods to seriously bork your system. Like Malcolm says: ask the maintainer to enable the Leap 15 build.
/usr/bin/firejail: Permission denied is the same error I had, suse_kid. I’m sorry that I didn’t provide more details in my first message in this thread.
On my system, I fixed the problem with:
chmod o=rx firejail
I hope this helps.
After doing
chmod o=rx firejail
I am getting this
> firejail firefox
Warning: an existing sandbox was detected. firefox will run without any additional sandboxing features
Error: Access was denied while trying to open files in your profile directory.
Just to be on the safe side, I’ll mention that my firejail permissions are -rwsr-xr-x, or:
Owner: read, write, execute
Group: read, execute
Others: read, execute
with ‘special flag’ Set user ID
In your shoes, I’d:
Update: For anyone who might discover this thread through a search engine: please see:
https://bugzilla.opensuse.org/show_bug.cgi?id=1059013
for information on why firejail permissions are set up as they are. I now have firejail chmod’d to 4750, and added my username to the firejail group.