User:Trickygnome/Firejail Hardening
From Gentoo Wiki
FILE
/etc/firejail/firejail.config
allow-tray no
bind no
# equal to --dbus-user=none --dbus-system=none
dbus no
disable-mnt yes
force-nonewprivs yes
join no
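An added example, not part of the original page: a POSIX shell function that compares a firejail.config against the six values listed above and reports any that are unset or different. The function name, the report format and the sample input are constructed for illustration, and it assumes a later line overrides an earlier one.

```shell
#!/bin/sh
# Hardened settings, copied from the firejail.config listing on this page.
EXPECTED='allow-tray no
bind no
dbus no
disable-mnt yes
force-nonewprivs yes
join no'

# audit_firejail_config FILE
# Prints one line per setting that is unset or differs from EXPECTED.
# Returns 0 when every setting matches, 1 on any deviation, 2 if unreadable.
audit_firejail_config() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    while read -r key want; do
        # Skip comment lines; keep the last active value for the key
        # (assumption: a later line overrides an earlier one).
        got=$(awk -v k="$key" '
            /^[[:space:]]*#/ { next }
            $1 == k { v = $2 }
            END { print v }' "$cfg")
        if [ -z "$got" ]; then
            echo "$key: not set (firejail default applies), want $want"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "$key: $got, want $want"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Constructed sample: two deviations (bind enabled, join commented out).
sample=$(mktemp)
cat > "$sample" <<'EOF'
allow-tray no
bind yes
dbus no
disable-mnt yes
force-nonewprivs yes
# join no
EOF
audit_firejail_config "$sample" || true
rm -f "$sample"
```

On a real system, call `audit_firejail_config /etc/firejail/firejail.config`; a non-zero return marks a deviation from the values on this page.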
Based on the app-misc/neofetch script:
FILE
command line options for Firejail
--novideo --nosound \
--private-dev --nodvd \
--noprinters \
--nonewprivs \
--dbus-user=none --dbus-system=none \
--env=HOME=~ \
--env=HOSTNAME=localhost \
--env=USER= \
--env=HOSTTYPE=arm64 \
--blacklist=/usr/lib/os-release \
--blacklist=/usr/bin/xfce4-session \
--blacklist=/usr/bin/xfconf-query \
--blacklist=/usr/bin/gsettings \
--blacklist=/usr/bin/id \
--blacklist=/usr/bin/who \
--blacklist=/bin/hostname \
--blacklist=/bin/uname \
--blacklist=/usr/bin/uname \
--blacklist=/etc/os-release \
--blacklist=/etc/gentoo-release \
--blacklist=/sys \
--blacklist=/var \
--blacklist=/proc/version \
--blacklist=/proc/cpuinfo \
--blacklist=/proc/meminfo \
--blacklist=/proc/uptime \
See also
User:Sakaki/Sakaki's EFI Install Guide/Sandboxing the Firefox Browser with Firejail - tutorial-style article, introducing firejail's protection features in some depth, as well as the additional steps required to fully graphically isolate software such as firefox.