Bug 22750 - Firejail + Firetools lets users easily run programs sandboxed
Summary: Firejail + Firetools lets users easily run programs sandboxed
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: New RPM package request
Version: Cauldron
Hardware: All Linux
Priority: Normal enhancement
Target Milestone: ---
Assignee: All Packagers
URL: https://firejail.wordpress.com/
Reported: 2018-03-12 11:45 CET by Morgan Leijström
Modified: 2018-04-22 20:58 CEST
Source RPM: firejail

Description Morgan Leijström 2018-03-12 11:45:13 CET
Description of goal:
It would be nice to have an easy-to-use jail/sandbox functionality, especially when trying out programs not in our repos, or programs that may load other less known programs, such as web browsers. I.e. the AppImage homepage recommends Firejail.


"Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. 

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit," 

...

"... a graphical user interface, Firetools. Distributed as a separate package, the application is built using Qt4/Qt5 libraries. It provides a sandbox launcher integrated with the system tray, sandbox editing, management and statistics."


Also see https://iwf1.com/firejail-is-an-amazing-linux-tool-that-helps-you-bolster-security

Comment 1 Marja Van Waes 2018-03-13 18:21:23 CET
Assigning this package request to all packagers collectively. On a voluntary basis, one of them might, if there are no license or other legal issues, want to integrate it to the distribution and maintain it for bug and security fixes.

You might also want to join the packager team to maintain this piece of software: see https://wiki.mageia.org/en/Becoming_a_Mageia_Packager

Assignee: bugsquad => pkg-bugs
CC: (none) => marja11
Source RPM: (none) => firejail

Comment 2 Jani Välimaa 2018-04-22 14:43:15 CEST
Imported firejail and firetools.

CC: (none) => jani.valimaa
Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 3 Morgan Leijström 2018-04-22 20:58:11 CEST
Many thanks Jani
IMO this is an important tool to enhance security

I don't run Cauldron, but using https://wiki.mageia.org/en/How_to_do_your_own_backports, I have it on mga6, and it works launching programs in it, and Firetools seems to work - I have not verified sandboxing functions.

I updated https://wiki.mageia.org/en/Ways_to_install_programs#Security

If you have the time backport it to mga6 I will update the info again :)
