{"id":15284,"date":"2017-05-17T14:58:19","date_gmt":"2017-05-17T09:28:19","guid":{"rendered":"https:\/\/www.wikitechy.com\/technology\/?p=15284"},"modified":"2017-05-17T14:58:19","modified_gmt":"2017-05-17T09:28:19","slug":"sandbox-non-trusted-apps-linux-systems","status":"publish","type":"post","link":"https:\/\/www.wikitechy.com\/technology\/sandbox-non-trusted-apps-linux-systems\/","title":{"rendered":"How to Sandbox Non-Trusted Apps in Linux Systems"},"content":{"rendered":"

Sometimes we need to run an application that we don’t trust, but we are afraid that it might look at or delete our personal data, since despite the fact that Linux frameworks are less inclined to malware, they are not completely immune. Possibly you need to get to a shady-sounding website. Or perhaps you need to access your bank account, or some other site managing delicate private data. You may put stock in the site, yet don’t believe the additional items or augmentations introduced in your program.<\/p>\n[ad type=”banner”]\n

In each of the above cases, sandboxing is helpful. The thought is to limit the non-trusted application in a secluded compartment – a sandbox\u2013 so that it does not have access to our personal data, or the other applications on our system. While there is, a software called Sandboxie that does what we require, it is accessible for Microsoft Windows. But Linux users need not worry, since we have Firejail for the job.<\/p>\n

So right away, let us see how to set up Fire jail on a Linux system and use it to sandbox apps in Linux:<\/p>\n

Install Firejail:<\/strong><\/span><\/h4>\n

If you are using\u00a0Debian<\/strong>,\u00a0Ubuntu<\/strong>, or\u00a0Linux Mint<\/strong>, open up the\u00a0<\/strong>Terminal<\/strong>, and enter the following\u00a0<\/strong>command<\/strong>:<\/p>\n

sudo apt install firejail<\/code><\/p>\n

Enter your account password, and press\u00a0Enter<\/strong>. If you are asked for a confirmation, type\u00a0y, and press\u00a0Enter<\/strong>\u00a0again.<\/p>\n

If you are using\u00a0Fedora<\/strong>, or any other\u00a0RedHat-based distribution<\/strong>, just replace apt with\u00a0yum<\/em>. The rest of the instructions remain the same:<\/p>\n

sudo yum install firejail<\/code><\/p>\n

You are now ready to run Firejail.<\/p>\n

Optional: Install the Graphical Interface<\/strong><\/span><\/h4>\n

You can select to install the official graphical front-end\u00a0for Firejail called\u00a0Firetools<\/strong>. It is not available in the official repositories, so we will have to manually install it.<\/p>\n

    \n
  1. Download the installation file for your systemDebian, Ubuntu<\/strong>\u00a0and\u00a0Mint<\/strong>\u00a0users should download the file ending with\u00a0.deb<\/strong><\/em>. I am on a 64-bit Mint installation, so I selected\u00a0firetools_0.9.40.1_1_amd64.deb.<\/code><\/li>\n
  2. After the download is complete, open the\u00a0Terminal<\/strong>, and navigate to your\u00a0Downloads<\/strong>\u00a0folder by running\u00a0cd ~\/Downloads.<\/code><\/li>\n
  3. Now install the Firetools package by running the command sudo dpkg -i firetools*.deb.<\/code><\/li>\n
  4. Enter your password, hit\u00a0Enter<\/strong>, and you\u2019re done.<\/li>\n<\/ol>\n

    Basic Usage:<\/strong><\/span><\/h4>\n

    In a\u00a0Terminal<\/strong>, write\u00a0firejail<\/code>, followed by the command that you need to run. For instance,\u00a0to run Firefox<\/strong>:<\/p>\n

    firejail firefox<\/code><\/p>\n

    Make sure to\u00a0close all Firefox windows first<\/strong>. If you don\u2019t, it will just open a new tab or window in the current session \u2013 negating any security benefit you would get from Firejail.<\/p>\n

    Similarly, for\u00a0Google Chrome<\/strong>:<\/p>\n

    firejail google-chrome<\/code><\/p>\n

    Running commands like this gives the application access to only a few needed configuration directories, and your Downloads folder. Access to whatever is left of the document framework, and the other directories in your Home folder is restricted. This can be shown by attempting to get to my home organizer from Chrome:<\/p>\n

    \"How<\/p>\n

    As you can see, most of my folders, including Pictures, Documents, and others are not accessible from the sandboxed chrome. If I still try to access them by modifying the URL, I will get a\u00a0File not found\u00a0error:<\/p>\n

    \"How<\/strong><\/p>\n[ad type=”banner”]\n

    Restricting Applications Further:<\/strong><\/span><\/p>\n

    Sometimes, you may require more restrictions, for instance, you might need to utilize a totally crisp program profile with no history, and no additional items. Suppose you don’t need your web browser to access your Downloads folder either. For that, we can utilize the private choice. Run the application as takes after:<\/p>\n

    firejail google-chrome –private This method completely restricts the application \u2013 it always starts in a fresh state, and cannot even create or download any new files.<\/p>\n

    Using the Graphical Interface \u2013 Firetools:<\/strong><\/span><\/h4>\n

    If you prefer to use a GUI instead of running a command every time, you can use the graphical front-end for Firejail called\u00a0Firetools<\/code><\/strong>. Open the Terminal, and run the command\u00a0firetools. You will see a window like this:<\/p>\n

    \"How
    \nYou can\u00a0double click on any pre-configured application<\/strong>\u00a0(Firefox and VLC here) to run it sandboxed. If you need to add an application, right click on an empty space on the Firetools app, and click on\u00a0Edit<\/strong>:<\/p>\n

    \"How
    \nYou can now enter the name, description, and the command that you need to run. The command would be the same as you would keep running in a comfort. For instance, to create an icon for Google Chrome that you need to keep running in private mode, you would input the following:<\/p>\n

    \"How<\/p>\n

    Now simply double-click the icon you just created to launch the app:<\/p>\n

    \"How
    \nRun Doubtful\u00a0Applications Securely on Linux With Firejail<\/strong><\/span><\/p>\n[ad type=”banner”]\n

    That is, it from our side when it comes to sandboxing non-trusted apps in Linux with Firejail. If you wish to learn more about the advanced sandboxing options that\u00a0Firejail<\/strong><\/span><\/a> offers, take\u00a0a look at the\u00a0official <\/a><\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    How to Sandbox Non-Trusted Apps in Linux Systems – PC – Sometimes we need to run an application that we don’t trust, but we are afraid that it might look<\/p>\n","protected":false},"author":2,"featured_media":19695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1699,5739],"tags":[45757,45791,45758,40629,45756,45795,45773,45760,45769,45771,45787,45765,45767,45772,45777,45788,45779,45784,45762,45761,45774,45783,45799,45764,45781,45792,45796,45785,45778,45797,45794,45793,45798,45763,45768,45786,45776,45790,45775,45782,45770,45789,45755,45759,45766,45780],"class_list":["post-15284","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","category-pc","tag-apparmor","tag-application-blocked-by-java-security-how-to-fix","tag-chroot","tag-docker","tag-firejail","tag-how-do-i-enable-java-in-firefox","tag-how-do-i-enable-scripts-in-my-browser","tag-how-do-i-turn-on-javascript","tag-how-to-activate-java","tag-how-to-activate-java-in-firefox","tag-how-to-allow","tag-how-to-change-java-security-settings-how-do-i-enable-java","tag-how-to-change-security-settings","tag-how-to-disable-java-security","tag-how-to-disable-javascript-in-ie","tag-how-to-enable-java-firefox","tag-how-to-enable-java-in-browser","tag-how-to-enable-java-in-chrome-browser","tag-how-to-enable-java-in-ie","tag-how-to-enable-java-in-internet-explorer","tag-how-to-enable-java-in-internet-explorer-11","tag-how-to-enable-java-in-mozilla","tag-how-to-enable-java-in-windows-10","tag-how-to-enable-java-on-firefox","tag-how-to-enable-java-on-internet-explorer","tag-how-to-enable-java-plugin-in-firefox","tag-how-to-enable-javascript-in-mozilla-firefox","tag-how-to-enable-javascript-in-mozilla-firefox-browser","tag-how-to-fix-application-blocked-by-java-security","tag-how-to-fix-java-application-blocked-by-security-settings","tag-how-to-make-a-web-browser-in-java","tag-how-to-resolve-application-blocked-by-java-security","tag-how-to-solve-application-blocked-by-java-security","tag-how-to-turn-javascript-on","tag-how-to-turn-off-javascript-in-chrome","tag-how-to-turn-off-javascript-in-firefox","tag-how-to-turn-on-java","tag-how-to-turn-on-java-in-chrome","tag-how-to-turn-on-javascript-in-firefox","tag-how-to-turn-on-javascript-on-chrome","tag-how-to-unblock-java","tag-how-to-unblock-java-security","tag-linux-sandbox-online","tag-selinux","tag-show-java-com","tag-show-java-con"],"_links":{"self":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/15284","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/comments?post=15284"}],"version-history":[{"count":0,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/posts\/15284\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media\/19695"}],"wp:attachment":[{"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/media?parent=15284"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/categories?post=15284"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wikitechy.com\/technology\/wp-json\/wp\/v2\/tags?post=15284"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}