‘You can never be too careful’ people tend to say, and for those of you who have ever came across a virus, spyware, ransomware (this is a new trend) or any other type of malware for that matter, such saying probably resonates.
Firejail is a tool that helps diminish your system exposure to malicious attacks, without restricting you, the user, from completing the tasks which you were set out to do.
In a sense, Firejail has the same purpose as anti-virus software has, that is, to protect you from malware. Yet unlike an anti-virus, Firejail doesn’t need to run in the background all the time and monitor your activity. Instead, you decide when to launch it, and once you do, Firejail simply sets out a secure environment for you to work in without needing to constantly monitor your activity.
Firejail is like an anti-virus software without the performance drawbacks of one.
You don’t have to use Firejail all the time, however if for example, you’ve decided to experiment with a new application, let’s say you’ve downloaded some unknown Web browser or torrent client which you want to check out but you’re unsure whether it’s actually trust-worthy, Firejail is then the tool for you.
This type of situation is were Firejail may shines the most, Firejail lets you play with such apps while minimizing the risk you’re taking in case malware is present within these apps.
How Firejail Works?
Without getting into the hardcore technicalities of it, which you’re more than welcome to read here, Firejail works by utilizing Linux kernel security features called seccomp (short for secure computing mode) and Namespaces, applying those on a specific program you wish to run.
In essence, what Firejail do is isolating a program that you run using it, taking that program’s ability to execute any code locally, while in addition, it also takes a program’s writing permissions and lets it write only to /home and /tmp locations by default, which are generally considered safe locations to write to, since they are designated for user modification and thus not jeopardizing system files.
Since Firejail is quite restrictive by default, it also comes with a myriad of ‘security profiles’ that enables programs to run freely according to the purpose each is designed for.
Technically inclined users are able to modify or create security profiles of their own if they wish to.
How To Use Firejail?
Firejail is pretty simple and straightforward to operate.
To use Firejail to execute a certain program, all that a user has to do is issue the command:
firejail PROGRAM-NAME in Terminal, and that program will be run by Firejail in a much more secure manner.
$: firejail firefox
Firejail also has many more options a user can utilize written in its manual, so be sure to check out these as well.
Lastly, to install Firejail, simply look for it on your distribution’s repository and install it like you would any other package.