Firejail: Difference between revisions
imported>Onny Init page |
imported>Onny Add usage examples |
||
Line 5: | Line 5: | ||
Add following line to your system configuration to install Firejail globally | Add following line to your system configuration to install Firejail globally | ||
<syntaxhighlight lang="nix> | <syntaxhighlight lang="nix"> | ||
environment.systemPackages = with pkgs; [ firejail ]; | environment.systemPackages = with pkgs; [ firejail ]; | ||
</syntaxhighlight> | |||
== Usage == | |||
To start an application in a sandboxed enviroment use Firejail like this | |||
<syntaxhighlight lang="bash"> | |||
firejail bash | |||
</syntaxhighlight> | |||
For a graphical application like [[Firefox]] web browser, it is recommended to also use a profile | |||
<syntaxhighlight lang="bash"> | |||
firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox | |||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Applications]] | [[Category:Applications]] | ||
[[Category:Security]] | [[Category:Security]] |
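Review bot: In the added Usage section, the Firefox example resolves the profile with `nix eval -f '<nixpkgs>'`, which evaluates the caller's channel rather than the `pkgs` set used by `environment.systemPackages` in the Installation section, so the profile path can come from a different firejail build than the installed binary. Either state that assumption in the text or derive the path from the installed package. In the same added lines, "enviroment" should be "environment", and the command substitution should be quoted, as in `--profile="$(...)/etc/firejail/firefox.profile"`.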
Revision as of 17:10, 14 November 2022
Firejail is an easy to use SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities.
Installation
Add the following line to your system configuration to install Firejail globally:
environment.systemPackages = with pkgs; [ firejail ];
Usage
To start an application in a sandboxed environment, use Firejail like this:
firejail bash
For a graphical application like the Firefox web browser, it is recommended to also use a profile:
firejail --profile=$(nix --extra-experimental-features nix-command --extra-experimental-features flakes eval -f '<nixpkgs>' --raw 'firejail')/etc/firejail/firefox.profile firefox
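A declarative counterpart to the Firefox command above, added here as an example and not part of this wiki revision: the NixOS `programs.firejail` module installs Firejail and generates a launcher that always applies the profile. It assumes Firefox comes from `pkgs.firefox` and that the module's `wrappedBinaries` option is available in the NixOS release in use.

```nix
{ pkgs, ... }:
{
  # Install Firejail through the NixOS module. The module also sets up the
  # setuid wrapper a SUID sandbox needs, since files in the Nix store
  # cannot carry the setuid bit.
  programs.firejail = {
    enable = true;

    wrappedBinaries = {
      # Generates a `firefox` launcher that always starts inside the sandbox.
      firefox = {
        # Assumption: Firefox is taken from pkgs.firefox.
        executable = "${pkgs.firefox}/bin/firefox";
        # Same profile file the command above locates with `nix eval`, but
        # pinned to the firejail package of this system configuration.
        profile = "${pkgs.firejail}/etc/firejail/firefox.profile";
      };
    };
  };
}
```

After a rebuild, running `firejail --list` while Firefox is open shows whether the browser process is actually running inside a sandbox.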