Summary
What makes Firejail so special it qualifies for inclusion in our Essential System Tools feature? Above all, it puts users first.
It’s really easy to install and use. More time to spend actually using software. Most people won’t need any custom configuration. There’s a wide range of software which come with sandbox profiles.
The software helps to reduce the risk of security breaches. It’s lightweight and while it uses CPU cycles, the overhead is remarkably low. Firejail sandboxes do not each run their own copy of a full-blown operating system. Instead they operate in a resource-isolated environment created by standard facilities of your system’s existing Linux kernel. As such, despite the high level of protection offered, the overhead of running a Firejail sandbox is extremely low. So your software, including games, run at full steam, unlike a full virtualisation environment.
Firejail is an excellent tool for the security conscious. While it adds a layer of protection, you should use it with other security tools. We use it mainly for web browsing, and to lock down services.
There’s no socket connections open, and no daemons running in the background. All security features are implemented directly in Linux kernel.
Website: firejail.wordpress.com, Firetools
Support: GitHub Code Repository
Developer: netblue30 and contributors
License: GNU General Public License v2
Firejail is written in C. Learn C with our recommended free books and free tutorials.
Pages in this article:
Page 1 – Introduction / Installation
Page 2 – In Operation
Page 3 – Other Features
Page 4 – Firetools
Page 5 – Summary
All the essential tools in this series:
| Essential System Tools | |
|---|---|
| Alacritty | Innovative, hardware-accelerated terminal emulator |
| BleachBit | System cleaning software. Quick and easy way to service your computer |
| bottom | Graphical process/system monitor for the terminal |
| btop++ | Monitor usage and stats for CPU, memory, disks, network and processes |
| catfish | Versatile file searching software |
| Clonezilla | Partition and disk cloning software |
| CPU-X | System profiler with both a GUI and text-based |
| Czkawka | Find duplicate files, big files, empty files, similar images, and much more |
| ddrescue | Data recovery tool, retrieving data from failing drives as safely as possible |
| dust | More intuitive version of du written in Rust |
| f3 | Detect and fix counterfeit flash storage |
| Fail2ban | Ban hosts that cause multiple authentication errors |
| fdupes | Find or delete duplicate files |
| Firejail | Restrict the running environment of untrusted applications |
| Glances | Cross-platform system monitoring tool written in Python |
| GParted | Resize, copy, and move partitions without data |
| GreenWithEnvy | NVIDIA graphics card utility |
| gtop | System monitoring dashboard |
| gWakeOnLAN | Turn machines on through Wake On LAN |
| hyperfine | Command-line benchmarking tool |
| inxi | Command-line system information tool that's a time-saver for everyone |
| journalctl | Query and display messages from the journal |
| kmon | Manage Linux kernel modules with this text-based tool |
| Krusader | Advanced, twin-panel (commander-style) file manager |
| Neofetch | System information tool written in Bash |
| Nmap | Network security tool that builds a "map" of the network |
| nmon | Systems administrator, tuner, and benchmark tool |
| nnn | Portable terminal file manager that's amazingly frugal |
| pet | Simple command-line snippet manager |
| Pingnoo | Graphical representation for traceroute and ping output |
| ps_mem | Accurate reporting of software's memory consumption |
| SMC | Multi-featured system monitor written in Python |
| Timeshift | Reliable system restore tool |
| QDirStat | Qt-based directory statistics |
| QJournalctl | Graphical User Interface for systemd’s journalctl |
| TLP | Must-have tool for anyone running Linux on a notebook |
| Unison | Console and graphical file synchronization software |
| VeraCrypt | Strong disk encryption software |
| Ventoy | Create bootable USB drive for ISO, WIM, IMG, VHD(x), EFI files |
| WTF | Personal information dashboard for your terminal |