Summary
What makes Firejail so special it qualifies for inclusion in our Essential System Tools feature? Above all, it puts users first.
It’s really easy to install and use. More time to spend actually using software. Most people won’t need any custom configuration. There’s a wide range of software which come with sandbox profiles.
The software helps to reduce the risk of security breaches. It’s lightweight and while it uses CPU cycles, the overhead is remarkably low. Firejail sandboxes do not each run their own copy of a full-blown operating system. Instead they operate in a resource-isolated environment created by standard facilities of your system’s existing Linux kernel. As such, despite the high level of protection offered, the overhead of running a Firejail sandbox is extremely low. So your software, including games, run at full steam, unlike a full virtualisation environment.
Firejail is an excellent tool for the security conscious. While it adds a layer of protection, you should use it with other security tools. We use it mainly for web browsing, and to lock down services.
There’s no socket connections open, and no daemons running in the background. All security features are implemented directly in Linux kernel.
Website: firejail.wordpress.com, Firetools
Support: GitHub Code Repository
Developer: netblue30 and contributors
License: GNU General Public License v2
Pages in this article:
Page 1 – Introduction / Installation
Page 2 – In Operation
Page 3 – Other Features
Page 4 – Firetools
Page 5 – Summary
All the essential tools in this series:
| Essential System Tools | |
|---|---|
| ps_mem | Accurate reporting of software's memory consumption |
| gtop | System monitoring dashboard |
| pet | Simple command-line snippet manager |
| Alacritty | Innovative, hardware-accelerated terminal emulator |
| inxi | Command-line system information tool that's a time-saver for everyone |
| BleachBit | System cleaning software. Quick and easy way to service your computer |
| catfish | Versatile file searching software |
| journalctl | Query and display messages from the journal |
| Nmap | Network security tool that builds a "map" of the network |
| ddrescue | Data recovery tool, retrieving data from failing drives as safely as possible |
| Neofetch | System information tool written in Bash |
| Timeshift | Similar to Windows' System Restore functionality, Time Machine Tool in Mac OS |
| GParted | Resize, copy, and move partitions without data |
| Clonezilla | Partition and disk cloning software |
| fdupes | Find or delete duplicate files |
| Krusader | Advanced, twin-panel (commander-style) file manager |
| nmon | Systems administrator, tuner, and benchmark tool |
| f3 | Detect and fix counterfeit flash storage |
| QJournalctl | Graphical User Interface for systemd’s journalctl |
| QDirStat | Qt-based directory statistics |
| Firejail | Restrict the running environment of untrusted applications |
| VeraCrypt | Strong disk encryption software |
| Unison | Console and graphical file synchronization software |
| hyperfine | Command-line benchmarking tool |
| TLP | Must-have tool for anyone running Linux on a notebook |
| nnn | Portable terminal file manager that's amazingly frugal |
| Glances | Cross-platform system monitoring tool written in Python |
| CPU-X | System profiler with both a GUI and text-based |
| Ventoy | Create bootable USB drive for ISO/WIM/IMG/VHD(x)/EFI files |
| Fail2ban | Ban hosts that cause multiple authentication errors |