Firejail: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny (Fix installation instruction, restructure) |
||
| Line 3: | Line 3: | ||
== Installation == | == Installation == | ||
Add following line to your system configuration to install Firejail globally | Add following line to your system configuration to install and enable Firejail globally | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
services.firejail.enable = true; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
== Usage == | |||
To start an application in a sandboxed enviroment use Firejail like this | |||
<syntaxhighlight lang="bash"> | |||
firejail bash | |||
</syntaxhighlight> | |||
For a graphical application like [[Firefox]] web browser, it is recommended to also use a profile | |||
<syntaxhighlight lang="bash"> | |||
firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox | |||
</syntaxhighlight> | |||
== Configuration == | |||
You can also use the Firejail NixOS module for a persistent usage of specific applications which should always run in Firejail. The following example wraps the browser Librewolf and the messenger Signal in a Firejail environment. The usual program path to <code>librewolf</code> and <code>signal-desktop</code> will be overwritten by the Firejail-wrapper. | You can also use the Firejail NixOS module for a persistent usage of specific applications which should always run in Firejail. The following example wraps the browser Librewolf and the messenger Signal in a Firejail environment. The usual program path to <code>librewolf</code> and <code>signal-desktop</code> will be overwritten by the Firejail-wrapper. | ||
| Line 32: | Line 48: | ||
}; | }; | ||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||