---

   firejail    ( 1 )

---

Имя (Name)

Firejail - Linux namespaces sandbox program

Синопсис (Synopsis)

Start a sandbox:

firejail [OPTIONS] [program and arguments]

Start an AppImage program:

firejail [OPTIONS] --appimage [appimage-file and arguments]

File transfer from an existing sandbox

firejail {--ls | --get | --put | --cat} dir_or_filename

Network traffic shaping for an existing sandbox:

firejail --bandwidth={name|pid} bandwidth-command

Monitoring:

firejail {--list | --netstats | --top | --tree}

Miscellaneous:

firejail {-? | --debug-caps | --debug-errnos | --debug- syscalls | --debug-syscalls32 | --debug-protocols | --help | --version}

Описание (Description)

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups.

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. It can sandbox any type of processes: servers, graphical applications, and even user login sessions.

Firejail allows the user to manage application security using security profiles. Each profile defines a set of permissions for a specific application or group of applications. The software includes security profiles for a number of more common Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc.

Alternative sandbox technologies like snap (https://snapcraft.io/) and flatpak (https://flatpak.org/) are not supported. Snap and flatpak packages have their own native management tools and will not work when sandboxed with Firejail.