Firejail: Difference between revisions

From NixOS Wiki
imported>Onny
Init page
 
imported>Onny
Add usage examples
Line 5: Line 5:
Add following line to your system configuration to install Firejail globally
Add following line to your system configuration to install Firejail globally


<syntaxhighlight lang="nix>
<syntaxhighlight lang="nix">
environment.systemPackages = with pkgs; [ firejail ];
environment.systemPackages = with pkgs; [ firejail ];
</syntaxhighlight>
== Usage ==
To start an application in a sandboxed enviroment use Firejail like this
<syntaxhighlight lang="bash">
firejail bash
</syntaxhighlight>
For a graphical application like [[Firefox]] web browser, it is recommended to also use a profile
<syntaxhighlight lang="bash">
firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox
</syntaxhighlight>
</syntaxhighlight>


[[Category:Applications]]
[[Category:Applications]]
[[Category:Security]]
[[Category:Security]]

Revision as of 17:10, 14 November 2022

Firejail is an easy to use SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities.

Installation

Add following line to your system configuration to install Firejail globally

environment.systemPackages = with pkgs; [ firejail ];

Usage

To start an application in a sandboxed enviroment use Firejail like this

firejail bash

For a graphical application like Firefox web browser, it is recommended to also use a profile

firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox