Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to improve system installation through Firejail under Linux". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "how to improve system installation through Firejail under Linux"!

The role of Firejail is to enable processes and their children to view globally shared kernel resources, including network stacks, process tables, and mount tables.

How to install Firejail in Linux

You can use the git command to download the latest package from the project's github page to complete the installation, as shown in the figure.

Linuxidc@linuxidc:~/www.linuxidc.com$ git clone https://github.com/netblue30/firejail.git is being cloned into 'firejail'...remote: Enumerating objects: 23, done.remote: Counting objects: 100% (23x23), done.remote: Compressing objects: 100% (18x18), done.remote: Total 38395 (delta 11), reused 11 (delta 5), pack-reused 38372 receiver: 100% (38395 MiB), 9.82 MiB | 87.00 KiB/s, complete. In delta processing, .linuxidc @ linuxidc:~/www.linuxidc.com$ cd firejaillinuxidc@linuxidc:~/www.linuxidc.com/firejail$. / configure & & make & & sudo make install-stripchecking for gcc... Gccchecking whether the C compiler works... Yeschecking for C compiler default output file name... A.outchecking for suffix of executables...checking whether we are cross compiling... Nochecking for suffix of object files... O

If git is not installed on your system, you can install it using the following command:

$sudo apt install git [in Debian/Ubuntu] # yum install git [in CentOS/RHEL] # dnf install git [in Fedora 22 +]

Another way to install firejail is to download the package associated with the Linux distribution and install it using its package manager. You can download the file from the SourceForge page of the project. After downloading the file, you can install it using the following command:

$sudo dpkg-I firejail_X.Y_1_amd64.deb [in Debian/Ubuntu] $sudo rpm-I firejail_X.Y-Z.x86_64.rpm [in CentOS/RHEL/Fedora] how to run an application using Firejail in Linux

You can now run the application using firejail. This is done by starting the terminal and adding firejail before the command you want to run.

Here is an example:

$firejail firefox # launch the Firefox web browser $firejail vlc # launch the VLC player to create a security profile

Firejail contains a number of security profiles for different applications, which are stored in:

/ etc/firejail

If you build the project from the source code, you can find the configuration file in the following location:

# path-to-firejail/etc/

If you use the rpm/deb package, you can find the security configuration file at the following location:

/ etc/firejail/

Users should put their configuration files in the following directory:

~ / .config/firejail

If you want to extend an existing security profile, you can use the include that contains the path to the profile, and then add lines. This should go like this:

$cat ~ / .config/firejail/vlc.profileinclude / etc/firejail/vlc.profilenet none

If you want to restrict application access to a directory, you can use blacklist rules to achieve this goal. For example, you can add the following to the security profile:

Blacklist ${HOME} / Documents

Another way to achieve the same result is to actually describe the full path of the folder you want to restrict:

Blacklist / home/user/Documents

You can configure security profiles in many different ways, such as forbidding access, allowing read-only access, and so on. If you are interested in building a custom configuration file, you can check out the following firejail instructions. Firejail is a great tool for secure users who want to protect the system.

At this point, I believe you have a deeper understanding of "how to improve system installation through Firejail under Linux". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.