Firejail
From Steak Wiki
Jump to navigationJump to search
Firejail is an additional layer of security. It runs before a program and limits what the program can do or have access to.
Tips & Tricks
Error mkdir: util.c:936 create_empty_dir_as_root: Permission denied
user ~/palemoon $ cd /usr/bin user /usr/bin $ ls -l firejail -rwxr-xr-x 1 root root 347472 Jan 21 21:54 firejail user /usr/bin $ stat firejail File: firejail Size: 347472 Blocks: 680 IO Block: 4096 regular file Device: 803h/2051d Inode: 272053 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2019-01-21 21:54:13.418190967 -0500 Modify: 2019-01-21 21:54:13.422190987 -0500 Change: 2019-01-21 21:54:15.966203602 -0500 Birth: - user /usr/bin $ sudo chmod 4755 firejail Password: user /usr/bin $ stat firejail File: firejail Size: 347472 Blocks: 680 IO Block: 4096 regular file Device: 803h/2051d Inode: 272053 Links: 1 Access: (4755/-rwsr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2019-01-21 21:54:13.418190967 -0500 Modify: 2019-01-21 21:54:13.422190987 -0500 Change: 2019-02-09 17:09:14.958860845 -0500 Birth: - user /usr/bin $
Now it will run.
Getting Firejail to work with Palemoon
If you have palemoon downloaded as a binary, and not installed (also applies to waterfox per this link: it won't run. Firejail says:
Error: No suitable palemoon executable found
This isn't working because you may have downloaded Palemoon in the home folder, which firejail doesn't give access to, as well as because palemoon is not linked in /usr/bin/ or equivalent (for your dist).
Solution:
ln -s /home/user/palemoon/palemoon /usr/bin/palemoon nano /etc/firejail/palemoon.profile
add the following
whitelist /home/user/palemoon/