программа-песочница для пространств имен Linux (Linux namespaces sandbox program)
DESKTOP INTEGRATION
A symbolic link to /usr/bin/firejail under the name of a program,
will start the program in Firejail sandbox. The symbolic link
should be placed in the first $PATH position. On most systems, a
good place is /usr/local/bin directory. Example:
Make a firefox symlink to /usr/bin/firejail:
$ sudo ln -s /usr/bin/firejail /usr/local/bin/firefox
Verify $PATH
$ which -a firefox
/usr/local/bin/firefox
/usr/bin/firefox
Starting firefox in this moment, automatically invokes
'firejail firefox'.
This works for clicking on desktop environment icons, menus etc.
Use "firejail --tree" to verify the program is sandboxed.
$ firejail --tree
1189:netblue:firejail firefox
1190:netblue:firejail firefox
1220:netblue:/bin/sh -c "/usr/lib/firefox/firefox"
1221:netblue:/usr/lib/firefox/firefox
We provide a tool that automates all this integration, please see
firecfg(1) for more details.
