Firejail
github.com/netblue30/firejailFirejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. Written in C, virtually no dependencies, runs on any modern Linux system, with no daemon running in the background, no complicated configuration, and it's super lightweight and super secure, since all actions are implemented by the kernel. It includes security profiles for over 800 common Linux applications. FireJail is recommended for running any app that may potential pose some kind of risk, such as torrenting through Transmission, browsing the web, opening downloaded attachments.
- Homepage: github.com/netblue30/firejail
- GitHub: github.com/netblue30/firejail
- Web info: web-check.xyz/results/github.com
Firejail Source Code
Author
Description
Linux namespaces and seccomp-bpf sandbox
Homepage
https://firejail.wordpress.comLicense
GPL-2.0
Created
08 Aug 15
Last Updated
05 Oct 24
Latest version
Primary Language
C
Size
21,675 KB
Stars
5,715
Forks
559
Watchers
5,715
Language Usage
Star History
Top Contributors
- @glitsj16 (1199)
- @kmk3 (874)
- @netblue30 (841)
- @smitsohu (790)
- @Fred-Barclay (494)
- @SkewedZeppelin (342)
- @rusty-snake (339)
- @reinerh (332)
- @dependabot[bot] (125)
- @startx2017 (120)
- @SYN-cook (90)
- @Vincent43 (79)
- @manevich (60)
- @avoidr (59)
- @topimiettinen (58)
- @valoq (48)
- @Neo00001 (47)
- @chiraag-nataraj (45)
- @vismir2 (40)
- @kris7t (37)
- @crass (35)
- @bbhtt (35)
- @jose1711 (30)
- @tredondo (29)
- @flacks (27)
- @nidamanx (24)
- @veloute (24)
- @Kishore96in (24)
- @KellerFuchs (21)
- @pirate486743186 (16)
Recent Commits
- Kelvin M. Klann (04 Oct 24)
RELNOTES: add private-etc rework feature item And move the #6104 item into it. Relates to #5518 #5608 #5609 #5629 #5638 #5641 #5642 #5643 #5650 #5655. Relates to #5681 #5737 #5844 #5989 #6016 #6104 #6400.
- Kelvin M. Klann (04 Oct 24)
RELNOTES: add profile items Relates to #6444 #6498 #6499.
- Kelvin M. Klann (04 Oct 24)
profiles: firefox-common: allow org.freedesktop.portal.Documents (#6499) This fixes drag and drop for at least Dolphin. Fixes #6444. Reported-by: @Utini2000 Suggested-by: @rusty-snake
- Kelvin M. Klann (01 Oct 24)
profiles: kube: sort dbus entries This amends commit 7df28c1ed ("New profiles for balsa,trojita,kube (#3603)", 2020-09-03).
- Kelvin M. Klann (01 Oct 24)
profiles: signal-desktop: sort dbus entries This amends commit 047d86f46 ("Add access to D-Bus freedesktop.org secret API", 2024-10-01) / PR #6498.
- netblue30 (01 Oct 24)
Merge pull request #6494 from netblue30/dependabot/github_actions/github/codeql-action-3.26.10 build(deps): bump github/codeql-action from 3.26.6 to 3.26.10
- netblue30 (01 Oct 24)
Merge pull request #6495 from netblue30/dependabot/github_actions/actions/checkout-4.2.0 build(deps): bump actions/checkout from 4.1.7 to 4.2.0
- netblue30 (01 Oct 24)
Merge pull request #6496 from netblue30/dependabot/github_actions/step-security/harden-runner-2.10.1 build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1
- netblue30 (01 Oct 24)
Merge pull request #6498 from corsac-s/patch-1 profiles: signal-desktop - Add access to D-Bus freedesktop.org secret API
- Yves-Alexis Perez (01 Oct 24)
Add access to D-Bus freedesktop.org secret API Signal recently started storing a local key in the freedesktop.org secret API so allow access in the profile
- dependabot[bot] (01 Oct 24)
build(deps): bump step-security/harden-runner from 2.9.1 to 2.10.1 Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.9.1 to 2.10.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde...91182cccc01eb5e619899d80e4e971d6181294a7) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
- dependabot[bot] (01 Oct 24)
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
- dependabot[bot] (01 Oct 24)
build(deps): bump github/codeql-action from 3.26.6 to 3.26.10 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...e2b3eafc8d227b0241d48be5f425d47c2d750a13) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
- Kelvin M. Klann (28 Sept 24)
RELNOTES: add build item Added on commit ba00d135f ("fix for old compilers", 2023-04-06). Relates to #5778.
- Kelvin M. Klann (28 Sept 24)
RELNOTES: add profile items Relates to #5337 #5447 #5902 #6391 #6486.
- qdii (28 Sept 24)
profiles: keepassxc: add new socket location (#6391) The KeePassXC browser extension looks for the KeePassXC socket at `${RUNUSER}/app/org.keepassxc.KeePassXC`[1]. But `${RUNUSER}/app` seems to be blacklisted in disable-common.inc under the flatpak section[2], so the KeePassXC extension cannot connect to it. Fixes #5447. Relates to #3984. [1] https://github.com/keepassxreboot/keepassxc/blob/6b1ab1a5edd66ac10706a2fb5af34ec9458a901d/src/browser/BrowserShared.cpp#L41 [2] https://github.com/netblue30/firejail/blob/b89ec818926b4bcd3a58bb4e2a67b68a8090ba1c/etc/inc/disable-common.inc#L667
- Kelvin M. Klann (28 Sept 24)
Merge pull request #6486 from kmk3/browsers-improve-comments profiles: browsers: centralize/sync/improve comments
- Kelvin M. Klann (14 Jul 24)
profiles: browsers: format and improve comments
- Kelvin M. Klann (14 Jul 24)
profiles: firefox-common: centralize dbus comments Relates to #3326 #6285 #6444.
- Kelvin M. Klann (14 Jul 24)
profiles: firefox-common: centralize migration wizard comment Relates to #3014.
- Kelvin M. Klann (14 Jul 24)
profiles: browsers: centralize/sync keepassxc extension comment Centralize it on firefox-common and copy it to chromium-common. Relates to #3984 #6391.
- Kelvin M. Klann (14 Jul 24)
profiles: browsers: sort blacklist entries See etc/templates/profile.template. Added on commit f3d126bf1 ("disable curl and wget in browsers based on firefox and chromium", 2021-12-18). Relates to #4852.
- Kelvin M. Klann (19 Sept 24)
RELNOTES: add profile items Relates to #5816 #5877 #6002 #6477 #6478 #6479.
- Kelvin M. Klann (19 Sept 24)
profiles: firecfg: disable text editors (#6477) Disable common general-purpose text editors. They are likely to be the default OS text editor and users may want to use them for editing most/all files, which could include common sensitive files such as ~/.bashrc and profiles in ~/.config/firejail. Fixes #6002. Relates to #924 #941 #1154. Reported-by: @ilikenwf
- Kelvin M. Klann (19 Sept 24)
tests: partially disable private-home.exp to fix ci This test started failing today with "TESTING ERROR 3". Log from a CI re-run of test-fs on commit 897f12dd8 ("build(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1", 2024-09-01) / PR #6455[1]: 2024-09-19T13:39:04.5681290Z TESTING: private home (test/fs/private-home.exp) 2024-09-19T13:39:04.5713434Z spawn /bin/bash 2024-09-19T13:39:05.2772248Z touch ~/_firejail_test_file1 2024-09-19T13:39:05.2773779Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2774475Z <jail/firejail/test/fs$ touch ~/_firejail_test_file1 2024-09-19T13:39:05.2775175Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2776506Z <jail/firejail/test/fs$ touch ~/_firejail_test_file2 2024-09-19T13:39:05.2777841Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2778918Z <ejail/firejail/test/fs$ mkdir ~/_firejail_test_dir1 2024-09-19T13:39:05.2780080Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2780903Z <fs$ mkdir ~/_firejail_test_dir1/_firejail_test_dir2 2024-09-19T13:39:05.2781613Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2782461Z <_test_dir1/_firejail_test_dir2/_firejail_test_file3 2024-09-19T13:39:05.2783224Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2784047Z <firejail/test/fs$ ln -s /etc ~/_firejail_test_link1 2024-09-19T13:39:05.2784851Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2785861Z < ln -s ~/_firejail_test_dir1 ~/_firejail_test_link2 2024-09-19T13:39:05.2787008Z runner@fv-az1247-944:~/work/firejail/firejail/test/fs$ 2024-09-19T13:39:05.2788303Z <test_file1,_firejail_test_file2,_firejail_test_dir1 [...] 2024-09-19T13:39:05.4971716Z runner@fv-az1247-944:~$ find ~ 2024-09-19T13:39:05.4989255Z /home/runner 2024-09-19T13:39:05.4990116Z /home/runner/_firejail_test_file1 2024-09-19T13:39:05.4990768Z /home/runner/_firejail_test_file2 2024-09-19T13:39:05.4991299Z /home/runner/_firejail_test_dir1 2024-09-19T13:39:05.4992082Z /home/runner/_firejail_test_dir1/_firejail_test_dir2 2024-09-19T13:39:05.4992760Z /home/runner/_firejail_test_dir1/_firejail_test_dir2/_firejail_test_file3 [...] 2024-09-19T13:39:15.4995765Z runner@fv-az1247-944:~$ TESTING ERROR 3 2024-09-19T13:39:15.5000367Z Misc: This was noticed on #6477. [1] https://github.com/netblue30/firejail/actions/runs/10655583953/job/30378507249
- Kelvin M. Klann (19 Sept 24)
profiles: ssh: add ${RUNUSER}/gvfsd-sftp (#6479) Based on the report by @Saren-Arterius[1]: Since GNOME gvfs 1.53+, the ssh client options `ControlMaster=auto` and `ControlPath=/run/user/$UID/gvfsd-sftp/%C` are used to mount sftp. Since `/run/user/$UID/gvfsd-sftp` is not whitelisted, gvfs sftp mount with nautilus will fail with a meaningless error message shown in the UI. Steps to reproduce[1]: Prepare ssh server or localhost, then run: ssh -o"ForwardX11 no" -o"ForwardAgent no" \ -o"PermitLocalCommand no" -o"ClearAllForwardings yes" \ -o"NoHostAuthenticationForLocalhost yes" \ -o"ControlMaster auto" \ -o"ControlPath=/run/user/${UID}/gvfsd-sftp/test" \ -s {SSH_HOST} sftp stderr shows: unix_listener: cannot bind to path /run/user/$UID/gvfsd-sftp/test.{RANDOM_STRING}: No such file or directory And ssh exits with error code 255. Fixes #5816. [1] https://github.com/netblue30/firejail/issues/5816#issue-1695295931 Reported-by: @Saren-Arterius Suggested-by: @Saren-Arterius Reported-by: @Alex-Farol Reported-by: @mirko
- Kelvin M. Klann (15 Sept 24)
profiles: ssh: sort entries Related commits: * 4747e0ed7 ("Whitelist runuser common (#3286)", 2020-03-31) * ebd4b3eea ("profiles: ssh: allow gpgagent socket for custom homedir (#6419)", 2024-08-07)
- Kelvin M. Klann (16 Sept 24)
profiles: nextcloud: fix access to ~/Nextcloud (#6478) Related commits: * 7c481eb43 ("Add QOwnNotes profile", 2018-10-20) * 49a381c70 ("Add nextcloud-desktop", 2021-02-20) / PR #3997 Fixes #5877. Reported-by: @Sadoon-AlBader
- Kelvin M. Klann (14 Sept 24)
profiles: nextcloud: sort entries Relates to #3997.
- Kelvin M. Klann (14 Sept 24)
profiles: wesnoth: allow lua (#6476) Fixes the following error: $ LC_ALL=C firejail /usr/bin/wesnoth [...] /usr/bin/wesnoth: error while loading shared libraries: liblua++.so.5.4: cannot open shared object file: Permission denied Environment: lua 5.4.7-1, wesnoth 1:1.18.2-2 on Arch Linux. Fixes #6475. Reported-by: @marek22k
Firejail Website
Website
GitHub: Letβs build from here Β· GitHub
GitHub is where over 100 million developers shape the future of software, together. Contribute to the open source community, manage your Git repositories, review code like a pro, track bugs and features, power your CI/CD and DevOps workflows, and secure code before you commit it.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address 140.82.112.4
- Hostname lb-140-82-112-4-iad.github.com
- Location San Francisco, California, United States of America, NA
- ISP GitHub Inc.
- ASN AS36459
Associated Countries
- US
Saftey Score
Website marked as safe
100%
Blacklist Check
github.com was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
Website Preview
Firejail Reviews
More Linux Defenses
-
Open source GUI firewall for Linux, allowing you to block internet access for certain applications. Supports both simple and advanced mode, GUI and CLI options, very easy to use, lightweight/ low-overhead, under active maintenance and backed by a strong community. Installable through most package managers, or compile from source.
-
ClamTk is basically a graphical front-end for ClamAV, making it an easy to use, light-weight, on-demand virus scanner for Linux systems.
-
Locally checks for signs of a rootkit.
-
Open source intrusion prevention system capable of real-time traffic analysis and packet logging.
-
Clears cache and deletes temporary files very effectively. This frees up disk space, improves performance, but most importantly helps to protect privacy.
About the Data: Firejail
API
You can access Firejail's data programmatically via our API.
Simply make a GET
request to:
https://api.awesome-privacy.xyz/operating-systems/linux-defenses/firejail
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.
Share Firejail
Help your friends compare Linux Defenses, and pick privacy-respecting software and services.
Share Firejail and Awesome Privacy with your network!