Firejail

From Steak Wiki

Firejail is an additional layer of security. It runs before a program and limits what the program can do or have access to.

Tips & Tricks

Error mkdir: util.c:936 create_empty_dir_as_root: Permission denied

user ~/palemoon $ cd /usr/bin
user /usr/bin $ ls -l firejail
-rwxr-xr-x 1 root root 347472 Jan 21 21:54 firejail
user /usr/bin $ stat firejail
  File: firejail
  Size: 347472          Blocks: 680        IO Block: 4096   regular file
Device: 803h/2051d      Inode: 272053      Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2019-01-21 21:54:13.418190967 -0500
Modify: 2019-01-21 21:54:13.422190987 -0500
Change: 2019-01-21 21:54:15.966203602 -0500
 Birth: -
user /usr/bin $ sudo chmod 4755 firejail
Password:
user /usr/bin $ stat firejail
  File: firejail
  Size: 347472          Blocks: 680        IO Block: 4096   regular file
Device: 803h/2051d      Inode: 272053      Links: 1
Access: (4755/-rwsr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2019-01-21 21:54:13.418190967 -0500
Modify: 2019-01-21 21:54:13.422190987 -0500
Change: 2019-02-09 17:09:14.958860845 -0500
 Birth: -
user /usr/bin $

With the setuid bit set (mode 4755, shown as -rwsr-xr-x), firejail will now run.

Getting Firejail to work with Palemoon

If you have Pale Moon downloaded as a binary and not installed, it won't run. This also applies to Waterfox, per this link: https://forums.linuxmint.com/viewtopic.php?t=260782. Firejail says:

Error: No suitable palemoon executable found

This fails for two reasons: you may have downloaded Pale Moon into your home folder, which Firejail doesn't give access to, and palemoon is not linked in /usr/bin/ or the equivalent for your distribution.

Solution:

sudo ln -s /home/user/palemoon/palemoon /usr/bin/palemoon
sudo nano /etc/firejail/palemoon.profile

Add the following line:

whitelist /home/user/palemoon/
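
Both fixes on this page can be checked without launching the browser. The script below is an added example, not part of the original wiki page or of the Firejail project; the function names suid_ok, whitelisted and launcher_ok are made up for illustration, and it assumes GNU stat and readlink as in the session above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths come from the page.

# suid_ok FILE [UID]: 0 if FILE is owned by UID (default 0 = root) and has the
# setuid bit, 1 if the bit is missing (the 0755 state), 2 if the owner differs.
suid_ok() {
    owner=$(stat -c '%u' "$1") || return 3   # 3: file could not be read
    [ "$owner" = "${2:-0}" ] || return 2
    [ -u "$1" ] || return 1
    return 0
}

# whitelisted PROFILE PATH: 0 if a "whitelist DIR" line in PROFILE covers PATH.
# Only literal paths are compared, as in the profile line on this page.
whitelisted() {
    while read -r key dir || [ -n "$key" ]; do
        [ "$key" = whitelist ] && [ -n "$dir" ] || continue
        dir=${dir%/}
        # "$dir"/* keeps /home/user/palemoon from matching /home/user/palemoon2
        case $2 in "$dir"|"$dir"/*) return 0 ;; esac
    done < "$1"
    return 1
}

# launcher_ok LINK PROFILE: 1 if LINK does not resolve to an executable file,
# 2 if the resolved binary is outside every whitelist line, 0 if both hold.
launcher_ok() {
    target=$(readlink -f "$1") || return 1
    [ -f "$target" ] && [ -x "$target" ] || return 1
    whitelisted "$2" "$target" || return 2
    return 0
}

# Report on the page's paths when they exist on this machine.
if [ -e /usr/bin/firejail ]; then
    suid_ok /usr/bin/firejail && echo "firejail: setuid root" \
        || echo "firejail: not setuid root (code $?)"
fi
if [ -e /etc/firejail/palemoon.profile ]; then
    launcher_ok /usr/bin/palemoon /etc/firejail/palemoon.profile \
        && echo "palemoon: linked and whitelisted" \
        || echo "palemoon: check failed (code $?)"
fi
```

A return code of 1 from suid_ok corresponds to the 0755 state shown before the chmod; a return code of 2 from launcher_ok means the symlink resolves but the profile has no whitelist line covering the binary.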