Channel: l3net – a layer 3 networking blog

Firejail 0.9.26 Release Announcement

We are happy to announce the release of Firejail version 0.9.26. Firejail is a generic Linux namespaces security sandbox, capable of running graphical interface programs as well as server programs. This release fixes a number of bugs reported by users, adds new default profiles, and brings in the following new features:

Private /dev directory

The command line option --private-dev mounts a new /dev directory and populates it with the following device files: null, full, zero, tty, pts, ptmx, random, urandom and shm. The option is intended for programs that are not supposed to use sound or video camera devices.

New /dev directory created with --private-dev option.

Private home whitelisting

The format for this command is as follows:

--private.keep=comma-separated-list-of-files-and-directories

The command mounts an empty tmpfs on top of the /home/user directory and copies all the files and directories in the list into the new filesystem. The list elements are separated by a comma ‘,’. All modifications are discarded when the sandbox is closed. The original files are not modified.

Example:

$ firejail --private.keep=.mozilla,Downloads firefox

User namespaces

The --noroot command attaches a new user namespace to the sandbox. The namespace has a single user defined, the current user. There is no root user available. Programs requiring root privileges will not be able to run:

Trying to run SUID binaries in a --noroot sandbox.

User namespaces were introduced in Linux kernel 3.9. If the feature is not available in the kernel at runtime, Firejail will print a warning and continue setting up the sandbox.
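
The following is an added example, not part of the release announcement or of Firejail's code: two checks to run inside a sandbox, one comparing /dev against the device list given above for --private-dev, the other reading /proc/self/uid_map to confirm that --noroot left uid 0 unmapped. The function names and the --run switch are illustrative, and the allowlist assumes the device list in this announcement is complete for your build.

```shell
#!/bin/sh
# Added example, not Firejail code. Run inside the sandbox being checked.

# Device files the announcement lists for --private-dev.
ALLOWED_DEV="null full zero tty pts ptmx random urandom shm"

# Print each entry of directory $1 (default /dev) that is not on the list.
# Returns 0 if nothing unexpected was found, 1 otherwise.
unexpected_dev_nodes() {
    dir=${1:-/dev}
    status=0
    for path in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # glob matched nothing
        name=${path##*/}
        case " $ALLOWED_DEV " in
            *" $name "*) ;;                 # expected device
            *) echo "$name"; status=1 ;;    # e.g. sound or camera nodes
        esac
    done
    return "$status"
}

# Return 0 if uid 0 exists in the user namespace described by the uid_map
# file $1 (default: our own), 1 if it does not.
# Line format: <first uid inside> <first uid outside> <range length>
root_is_mapped() {
    map=${1:-/proc/self/uid_map}
    while read -r inside outside count; do
        [ -n "$count" ] || continue         # skip malformed lines
        # uids are unsigned, so a range contains 0 only if it starts at 0
        if [ "$inside" -eq 0 ] && [ "$count" -gt 0 ]; then
            return 0
        fi
    done < "$map"
    return 1
}

# Live audit, only when invoked with --run (hypothetical switch).
if [ "${1:-}" = "--run" ]; then
    extra=$(unexpected_dev_nodes /dev) || echo "unexpected in /dev:" $extra
    if root_is_mapped; then echo "uid 0 is mapped"; else echo "no root user"; fi
fi
```

If the kernel lacks user namespaces and Firejail continues with only a warning, the second check still reports uid 0 as mapped, which makes that fallback visible.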

New default profiles

This version brings in new default profiles for Deluge and qBittorrent BitTorrent clients.

About

For more information please visit the project page.

