Firejail Icon

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Written in C, virtually no dependencies, runs on any modern Linux system, with no daemon running in the background, no complicated configuration, and it's super lightweight and super secure, since all actions are implemented by the kernel. It includes security profiles for over 800 common Linux applications. FireJail is recommended for running any app that may potential pose some kind of risk, such as torrenting through Transmission, browsing the web, opening downloaded attachments.

Open Source

Firejail Source Code

Author

netblue30

Description

Linux namespaces and seccomp-bpf sandbox

Homepage

https://firejail.wordpress.com

License

GPL-2.0

Created

08 Aug 15

Last Updated

18 Jan 25

Latest version

landlock-split

Primary Language

C

Size

22,594 KB

Stars

5,907

Forks

578

Watchers

5,907

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Kelvin M. Klann (18 Jan 25)

    build: rename print-version target to installcheck (#6620) To make it consistent with the standard GNU make targets. From the manual of GNU Make (version 4.4.1-2): > 'installcheck' > Perform installation tests (if any). The user must build and > install the program before running the tests. You should not > assume that '$(bindir)' is in the search path. Commands used to search and replace: $ git grep -Ilz print-version | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \ 's/print-version/installcheck/g' '{}')\" >'{}'" $ git grep -Ilz 'print version' .github/workflows | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \ 's/print version/make installcheck/g' '{}')\" >'{}'" Added on commit c9531d95e ("build: add print-version target and use in CI", 2024-02-22) / #6230.

  • Kelvin M. Klann (16 Jan 25)

    RELNOTES: line-wrap profile item Relates to #6444 #6499.

  • Kelvin M. Klann (16 Jan 25)

    RELNOTES: add modif, docs and profile items Relates to #6471 #6581 #6582 #6605 #6607.

  • amano-kenji (16 Jan 25)

    profiles: anki: fix dark mode detection & misc changes (#6581) Relates to #6545.

  • Kelvin M. Klann (16 Jan 25)

    warn when running firejail with --disable-sandbox-check Clarify that it is only intended for development (and thus that it may potentially cause issues). Relates to #6592 #6619.

  • Kelvin M. Klann (16 Jan 25)

    Revert "build: move HAVE_SANDBOX_CHECK out of MANFLAGS" This reverts commit 5c6fa6ab584eb6241467b5d5aea76f26dcc922fb. The commit in question causes `HAVE_SANDBOX_CHECK` to always be unset (instead of only when `--disable-sandbox-check` is used), as its value was being passed to the compiler through `MANFLAGS`. Move the macro back into `MANFLAGS` for simplicity. Also, using `--disable-sandbox-check` breaks the tests and thus also breaks CI (see #6619). Relates to #6592.

  • Kelvin M. Klann (16 Jan 25)

    profiles: aria2p: disable x11 and clipboard managers (#6609) aria2p is a command-line tool, so these should not be needed (and it's unclear how/why they would be used by the program). See also: https://github.com/netblue30/firejail/pull/6583#discussion_r1912891807 Added on commit c869f11d5 ("New profile: aria2p/aria2rpc", 2024-12-27) / PR #6583.

  • Kelvin M. Klann (15 Jan 25)

    docs: github: add program name/version to bug_report.md (#6607) See also commit 9bccccfa7 ("docs: github: streamline environment in issue templates (#6471)", 2024-09-13).

  • Kelvin M. Klann (15 Jan 25)

    ci: disable build_src_package GitLab job due to libtrace errors Build log[1]: $ make [...] make -C src/libtrace/ make[1]: Entering directory '/builds/Firejail/firejail_ci/src/libtrace' gcc -ggdb -O2 -DVERSION='"0.9.73"' [...] -c ../../src/libtrace/libtrace.c -o ../../src/libtrace/libtrace.o ../../src/libtrace/libtrace.c:451:59: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration 451 | typedef int (*orig_stat64_t)(const char *pathname, struct stat64 *statbuf); | ^~~~~~ ../../src/libtrace/libtrace.c:453:41: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration 453 | int stat64(const char *pathname, struct stat64 *statbuf) { | ^~~~~~ ../../src/libtrace/libtrace.c: In function 'stat64': ../../src/libtrace/libtrace.c:457:40: error: passing argument 2 of 'orig_stat64' from incompatible pointer type [-Wincompatible-pointer-types] 457 | int rv = orig_stat64(pathname, statbuf); | ^~~~~~~ | | | struct stat64 * ../../src/libtrace/libtrace.c:457:40: note: expected 'struct stat64 *' but argument is of type 'struct stat64 *' ../../src/libtrace/libtrace.c: At top level: ../../src/libtrace/libtrace.c:476:60: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration 476 | typedef int (*orig_lstat64_t)(const char *pathname, struct stat64 *statbuf); | ^~~~~~ ../../src/libtrace/libtrace.c:478:42: warning: 'struct stat64' declared inside parameter list will not be visible outside of this definition or declaration 478 | int lstat64(const char *pathname, struct stat64 *statbuf) { | ^~~~~~ ../../src/libtrace/libtrace.c: In function 'lstat64': ../../src/libtrace/libtrace.c:482:41: error: passing argument 2 of 'orig_lstat64' from incompatible pointer type [-Wincompatible-pointer-types] 482 | int rv = orig_lstat64(pathname, statbuf); | ^~~~~~~ | | | struct stat64 * ../../src/libtrace/libtrace.c:482:41: note: expected 'struct stat64 *' but argument is of type 'struct stat64 *' make[1]: Leaving directory '/builds/Firejail/firejail_ci/src/libtrace' Environment: gcc (14.2.0-r4), musl-dev (1.2.5-r8) on Alpine Linux v3.21. Relates to #6610. [1] https://gitlab.com/Firejail/firejail_ci/-/jobs/8853165146

  • Kelvin M. Klann (15 Jan 25)

    build: fix formatting --disable-sandbox-check Make it match the other `AC_ARG_ENABLE` code. This amends commit a53de4926 ("build: improve --disable-sandbox-check help string", 2025-01-13). Relates to #6592.

  • Kelvin M. Klann (13 Jan 25)

    build: improve --disable-sandbox-check help string This amends commit 108327c5a ("feature: build: add --disable-sandbox-check configure flag", 2024-12-27) / PR #6592.

  • Kelvin M. Klann (13 Jan 25)

    build: move HAVE_SANDBOX_CHECK out of MANFLAGS It is not used in the man pages. This amends commit 108327c5a ("feature: build: add --disable-sandbox-check configure flag", 2024-12-27) / PR #6592.

  • Kelvin M. Klann (13 Jan 25)

    RELNOTES: sort/reword feature This amends commit 56566fd41 ("merges", 2025-01-12).

  • Kelvin M. Klann (13 Jan 25)

    profiles: monero-wallet-cli: fix missing EOL at EOF This amends commit a7bf93426 ("New profile: monero-wallet-cli", 2024-12-27) / PR #6586.

  • Kelvin M. Klann (13 Jan 25)

    fix misc copyright years Commands used to check for issues: git grep 'Copyright .*Firejail' | grep -v 2014-2025 Misc: This was noticed on commit 212ac3cb1 ("update copyright", 2025-01-12).

  • netblue30 (13 Jan 25)

    update copyright

  • netblue30 (12 Jan 25)

    Merge branch 'master' of ssh://github.com/netblue30/firejail

  • netblue30 (12 Jan 25)

    merges

  • netblue30 (12 Jan 25)

    Merge pull request #6590 from amano-kenji/tremc New profile: tremc

  • netblue30 (12 Jan 25)

    Merge pull request #6586 from amano-kenji/monero New profile: monero-wallet-cli

  • netblue30 (12 Jan 25)

    Merge pull request #6584 from amano-kenji/buku New profile: buku

  • netblue30 (12 Jan 25)

    Merge pull request #6583 from amano-kenji/aria2 New profile: aria2p/aria2rpc

  • netblue30 (12 Jan 25)

    Merge pull request #6592 from powerjungle/feat/run-firejail-in-sandbox-for-testing feature: build: add --disable-sandbox-check configure flag

  • Kelvin M. Klann (12 Jan 25)

    refactor: deduplicate definition of RUN_FIREJAIL_NAME_DIR Reuse the definition from src/include/rundefs.h. Related commits: * 07c05e8a5 ("moved sandbox name to /run/firejail/name/<PID>", 2016-02-19) * 57ffc35a8 ("added sandbox name support in firemon", 2018-03-21)

  • Kelvin M. Klann (11 Jan 25)

    modif: clarify error messages in profile.c (#6605) Relates to #3478 #3798 #6604.

  • Kelvin M. Klann (06 Jan 25)

    ci: check-profiles: fix git diff not running This amends commit c222b7f69 ("build: sort.py: fix whitespace in entire profile (#6593)", 2024-12-28).

  • amano-kenji (06 Jan 25)

    profiles: refactor com.github.johnfactotum.Foliate into foliate.profile (#6582) On Gentoo Linux, there is `/usr/bin/foliate` instead of `/usr/bin/com.github.johnfactotum.Foliate`.

  • Kelvin M. Klann (04 Jan 25)

    profiles: singularity: fix profile path Commands used to check for issues: $ git ls-files 'etc/profile-a-l/' | grep 'etc/profile-a-l/[m-z]' etc/profile-a-l/singularity.profile $ git ls-files 'etc/profile-m-z/' | grep 'etc/profile-a-l/[a-l]' $ Command used to fix the path: $ git mv \ etc/profile-a-l/singularity.profile \ etc/profile-m-z/singularity.profile Relates to #6463.

  • Kelvin M. Klann (04 Jan 25)

    build: sort.py: ignore empty files Currently it adds a newline to empty files. Before: $ : >foo.profile $ contrib/sort.py foo.profile sort.py: checking 1 profile(s)... foo.profile:(fixed whitespace) [ Fixed ] foo.profile $ od -A n -t x1 foo.profile 0a After: $ : >foo.profile $ contrib/sort.py foo.profile sort.py: checking 1 profile(s)... $ This amends commit c222b7f69 ("build: sort.py: fix whitespace in entire profile (#6593)", 2024-12-28).

  • Kelvin M. Klann (04 Jan 25)

    bugfix: update syscalls.list Commands used to update it: touch src/include/syscall_aarch64.h # potentially needed make syntax This amends commit 508cd6a6c ("feature: add aarch64 syscalls (#6574)", 2024-12-21).

Firejail Website

Website

GitHub: Let’s build from here Β· GitHub

GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, and secure code before you commit it.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 140.82.112.4
  • Hostname lb-140-82-112-4-iad.github.com
  • Location San Francisco, California, United States of America, NA
  • ISP GitHub Inc.
  • ASN AS36459

Associated Countries

  • US

Saftey Score

Website marked as safe

100%

Blacklist Check

github.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

Firejail Reviews

More Linux Defenses

About the Data: Firejail

API

You can access Firejail's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/operating-systems/linux-defenses/firejail

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share Firejail

Help your friends compare Linux Defenses, and pick privacy-respecting software and services.
Share Firejail and Awesome Privacy with your network!

View Linux Defenses (6)