Firejail for isolate malicious programs or risky tasks by sandboxing them



Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc. It would be great if Elive integrates firejail to isolate processes.


I will try to play with it.
Is it for advanced users only or a normal person could use it ?

I am a former security consultant familiar with all that but was wondering if normal day to day people could use it without too much headaches



@ jfbourdeau anyone can use it by installing the firejail package but easier for advanced user. Suggesting that if firejail profile created for selected application by default it would help people who are unaware of online scams.


could firejail bloat the os with dependencies
new users would most likely need Firetools, it requires basic Qt4 or Qt5 application runtime libraries.
Easier isolation might be better achieved for newbies by offering a flatpak repos. but would require work since Flatpak is available in Debian from Stretch onwards.
This however can not only solve the isolation but could get newer packages into a more dated system



Elive had an amazing tool to isolate everything, wrote years ago but it never has been published due to minor stability issues, but it the end worked really good without bloat and without dependencies, it has been in the TODO since them, maybe is time to give it some love again :slight_smile: