Bug 22750

Summary: Firejail + Firetools lets users easily run programs sandboxed
Product: Mageia Reporter: Morgan Leijström <fri>
Component: New RPM package request Assignee: All Packagers <pkg-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: Normal CC: jani.valimaa, marja11
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://firejail.wordpress.com/
Whiteboard:
Source RPM: firejail CVE:
Status comment:

Description Morgan Leijström 2018-03-12 11:45:13 CET
Description of goal:
It would be nice to have an easy-to-use jail/sandbox functionality, especially when trying out programs not in our repos, or programs that may load other less known programs, such as web browsers. I.e. the AppImage homepage recommends firejail.


"Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. 

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit," 

...

... a graphical user interface, Firetools. Distributed as a separate package, the application is built using Qt4/Qt5 libraries. It provides a sandbox launcher integrated with the system tray, sandbox editing, management and statistics."


Also see https://iwf1.com/firejail-is-an-amazing-linux-tool-that-helps-you-bolster-security
Comment 1 Marja Van Waes 2018-03-13 18:21:23 CET
Assigning this package request to all packagers collectively. On a voluntary basis, one of them might, if there are no license or other legal issues, want to integrate it into the distribution and maintain it for bug and security fixes.

You might also want to join the packager team to maintain this piece of software: see https://wiki.mageia.org/en/Becoming_a_Mageia_Packager

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Source RPM: (none) => firejail

Comment 2 Jani Välimaa 2018-04-22 14:43:15 CEST
Imported firejail and firetools.

CC: (none) => jani.valimaa
Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 Morgan Leijström 2018-04-22 20:58:11 CEST
Many thanks Jani
IMO this is an important tool to enhance security

I don't run cauldron but using https://wiki.mageia.org/en/How_to_do_your_own_backports, I have it on mga6, and it works launching programs in it, and firetools seems to work - I have not verified sandboxing functions.

I updated https://wiki.mageia.org/en/Ways_to_install_programs#Security

If you have the time to backport it to mga6, I will update the info again :)