PINE64
Firejail: Sandbox Pinephone/Pinetab Apps - Printable Version

+- PINE64 (https://forum.pine64.org)
+-- Forum: PinePhone (https://forum.pine64.org/forumdisplay.php?fid=120)
+--- Forum: General Discussion on PinePhone (https://forum.pine64.org/forumdisplay.php?fid=127)
+--- Thread: Firejail: Sandbox Pinephone/Pinetab Apps (/showthread.php?tid=13214)

Firejail: Sandbox Pinephone/Pinetab Apps - RTP - 02-23-2021

I noticed interest in security and did a video on getting started with Firejail. While I demo it on the Pinetab (for viewability), I did the video with Pinephone users in mind.

Some users might think Firejail is unrealistically complicated-- the walkthrough will show you it's not.

You don't have to make a custom profile for each app (but you can customize later): Firejail has loads of ready profiles.

I go over what Firejail/Sandboxing is, how to use it, and use Firefox as an example. Towards the end we edit the Firefox button/icon on Phosh to make it run in Firejail sandbox by default. I also cover whitelisting so you do not lock yourself out of files while on Firefox.

Check it out here: https://youtu.be/7Q57Nj6Az3U

[Future videos will use another camera app- sorry about a couple moments of autofocus blurs!]

RE: Firejail: Sandbox Pinephone/Pinetab Apps - drgr33n - 02-23-2021

I'm a big fan of firejail. I use it on all of my Linux devices. Firejail is awesome Smile I've also tinkered with Firejail and appimage. Would be nice to use some of this off the shelf stuff to make a nice app store right?

RE: Firejail: Sandbox Pinephone/Pinetab Apps - wibble - 02-23-2021

Thanks. It's mentioned in the mobian wiki, but has a link to the arch wiki rather than giving details.
https://wiki.mobian-project.org/doku.php?id=howto:security#application-sandboxing

Regarding firejail/appinage for an app store, isn't that more or less what flatpak and snap are doing?

RE: Firejail: Sandbox Pinephone/Pinetab Apps - RTP - 02-23-2021

(02-23-2021, 09:17 AM)wibble Wrote: Thanks. It's mentioned in the mobian wiki, but has a link to the arch wiki rather than giving details.
https://wiki.mobian-project.org/doku.php?id=howto:security#application-sandboxing

Regarding firejail/appinage for an app store, isn't that more or less what flatpak and snap are doing?


Ah thanks for mentioning. I just now edited Mobian wiki to add some of the stuff mentioned in video as an option after Bubblewrap. Smile