
Looking for firejail / seccomp maintainer for better security!


#1

Originally published at: https://www.whonix.org/blog/looking-for-firejail-maintainer
firejail is a sandbox to restrict the application environment.

Please contribute. Task:

  • play around with firejail in Whonix
  • see how it goes
  • report (and possibly fix) issues upstream in firejail
  • test the Tor Browser firejail profile, consider packaging it
  • maintain firejail profiles in Whonix
This is a volunteer position.

Whonix firejail / seccomp development discussion:
https://forums.whonix.org/t/firejail-seccomp-more-options-for-program-containment


firejail / seccomp / More Options for Program Containment
#2

Hi Patrick,

Why not use the Xen Hypervisor for isolation, since it can isolate at the GUI level, which is essential for a desktop system? Unless, of course, firejail already has that feature. Xen also includes other features that this program might not have. Here's a link with a full description of how Xen differs from most other isolation solutions: http://theinvisiblethings.blogspot.com/2012/09/how-is-qubes-os-different-from.html

Please let me know your thoughts, I would love to hear them!

Anyway, take care and stay healthy. Don’t overwork that genius brain of yours.


#3

I can’t volunteer because I have no experience packaging, but if someone makes better profiles I’ll try them.

I already run firejail using a modified /etc/firejail/firefox.profile for TBB (what the firejail author said he was doing).

It works fine with both apparmor and firejail enabled at the same time (only a few extra tweaks to apparmor needed for files under /run/firejail).


#4

Because we already do with Qubes-Whonix and because firejail / seccomp is a protection layer at a different level.

Yes, great! Testing will certainly help once we have found a maintainer to work on this!

Good to know!

I’ll post more questions here: firejail / seccomp / More Options for Program Containment


#5

A ton of firejail profiles by Parrot! Please feel encouraged to test them inside Whonix!


Check Parrot OS sandboxing code
firejail / seccomp / More Options for Program Containment