firejail
Securely sandboxes processes to containers using built-in Linux capabilities. More information: https://manned.org/firejail.
- Integrate firejail with your desktop environment:
sudo firecfg
- Open a restricted Mozilla Firefox:
firejail {{firefox}}
- Start a restricted Apache server on a known interface and address:
firejail --net={{eth0}} --ip={{192.168.1.244}} {{/etc/init.d/apache2}} {{start}}
- List running sandboxes:
firejail --list
- List network activity from running sandboxes:
firejail --netstats
- Shutdown a running sandbox:
firejail --shutdown={{7777}}
- Run a restricted Firefox session to browse the internet:
firejail --seccomp --private --private-dev --private-tmp --protocol=inet firefox --new-instance --no-remote --safe-mode --private-window
- Use custom hosts file (overriding
/etc/hostsfile):
firejail --hosts-file={{~/myhosts}} {{curl http://mysite.arpa}}