Firejail installed by default


#1

Hi guys,

It is my first message, and so I would like to thank everyone for the pretty good work on this distribution; this is pure love.

I would like to know what the idea is behind installing Firejail by default.

At first, I saw “SUID program” and “written in C” as the first two statements on the website, and I can confess that I have since been a little bit anxious about that. After that, I took a look at existing CVEs in previous versions, and I was not reassured at all.

I am trying to understand the choice beyond that.

One argument that I have found: if there is no unfixed known vulnerability, that can add a significant challenge for the intruder.
However, the software is using one of the most “hard to secure” languages and one of the most sensitive permission settings available.

Is there something else that I could take into consideration?

Regards,


(Archangel) #2

Hi there @Moelsac,

Can you provide some specific examples of things you have an issue with regarding Firejail? Looking at the CVEs for any program will surely leave you unassured, I’m sure, as there will always be flaws in programs. That’s why we are always updating and patching them. No program is without its flaws and they will all always need updating. Sandboxing is pretty helpful in reducing the risk of malicious code running rampant on your system.


#3

For all intents and purposes, I think it is a great idea to integrate Firejail in an OS as Parrot did.
It increases security in so many ways, and if the user wants, he/she can tighten things down even more… Sure, there is a learning curve here, but removing it is a big no-no in my book.
This OS can be used for so many things. I am glad it’s there, especially when intentionally visiting malware-laden sites to investigate its behavior. I wouldn’t want to do that without tight restrictions on the applications facing the internet…


closed #4