From: swedebugia
Subject: Anyone working on packaging Firejail?
Date: Thu, 20 Dec 2018 06:50:44 +0100
Message-ID: <0e147b49-4a5a-c269-5973-8709e6c37ba6@riseup.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: guix-devel

https://firejail.wordpress.com/

Firejail is a SUID program that reduces the risk of security breaches by
restricting the running environment of untrusted applications using
Linux namespaces and seccomp-bpf. It allows a process and all its
descendants to have their own private view of the globally shared kernel
resources, such as the network stack, process table, mount table.

Written in C with virtually no dependencies, the software runs on any
Linux computer with a 3.x kernel version or newer. The sandbox is
lightweight, the overhead is low. There are no complicated configuration
files to edit, no socket connections open, no daemons running in the
background. All security features are implemented directly in the Linux
kernel and available on any Linux computer. The program is released
under the GPL v2 license.

Firejail can sandbox any type of process: servers, graphical
applications, and even user login sessions. The software includes
security profiles for a large number of Linux programs: Mozilla Firefox,
Chromium, VLC, Transmission etc. To start the sandbox, prefix your
command with “firejail”:

  $ firejail firefox                       # starting Mozilla Firefox
  $ firejail transmission-gtk              # starting Transmission BitTorrent
  $ firejail vlc                           # starting VideoLAN Client
  $ sudo firejail /etc/init.d/nginx start  # starting nginx web server

--
Cheers
Swedebugia
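
Added example, not part of the original message and not Firejail's own code: a Python check of which of the kernel resources named above (network stack, process table, mount table) a process really has a private namespace for, and whether a seccomp-bpf filter is active, using the data Linux exposes under /proc. The namespace links and status text are constructed sample values, and every function name is this example's own.

```python
"""Check from /proc which isolation a sandboxed process actually received."""
import os
import re

NAMESPACES = ("net", "pid", "mnt")  # network stack, process table, mount table
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}  # 2 = seccomp-bpf


def seccomp_mode(status_text):
    """Return the seccomp mode name found in the text of /proc/<pid>/status."""
    m = re.search(r"^Seccomp:\s*(\d+)\s*$", status_text, re.MULTILINE)
    if m is None:
        return "unknown"  # field absent (old kernel) or truncated input
    return SECCOMP_MODES.get(int(m.group(1)), "unknown")


def private_namespaces(target_ns, reference_ns):
    """Map each namespace to True when the target's differs from the reference's.

    Both arguments map a namespace name to its link text, e.g. 'net:[4026531992]'.
    A namespace missing on either side yields None (cannot be determined).
    """
    result = {}
    for ns in NAMESPACES:
        t, r = target_ns.get(ns), reference_ns.get(ns)
        result[ns] = None if t is None or r is None else t != r
    return result


def read_proc(pid, proc_root="/proc"):
    """Read namespace links and status text for a live process (may need root)."""
    base = os.path.join(proc_root, str(pid))
    links = {}
    for ns in NAMESPACES:
        try:
            links[ns] = os.readlink(os.path.join(base, "ns", ns))
        except OSError:
            pass  # access denied or process already gone
    with open(os.path.join(base, "status")) as fh:
        return links, fh.read()


# Constructed sample data, not captured from a real system: the sandboxed
# process has private pid and mnt namespaces but shares the host's network.
HOST_NS = {"net": "net:[4026531992]", "pid": "pid:[4026531836]", "mnt": "mnt:[4026531840]"}
JAILED_NS = {"net": "net:[4026531992]", "pid": "pid:[4026532301]", "mnt": "mnt:[4026532299]"}
JAILED_STATUS = "Name:\tvlc\nState:\tS (sleeping)\nNoNewPrivs:\t1\nSeccomp:\t2\n"

if __name__ == "__main__":
    print(private_namespaces(JAILED_NS, HOST_NS), seccomp_mode(JAILED_STATUS))
```

On a live system, call read_proc(pid) for the sandboxed process and for PID 1, then pass the two link maps to private_namespaces.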