Firejail: yes or no?

Hello everyone! We would like to have your opinion about one of the most important tools of Parrot: Firejail.
What do you think of it? Why is sandboxing/Firejail needed to secure the system, and why is it not needed?

P.S. No bad behavior, no offense. Only constructive opinions/criticism.

I mean, it would be nice to have it be an option yes, especially if you guys could make it integrate smoothly into the desktop (rather than have users use the CLI to start programs in it).

Personally I like Firejail unless we find a better alternative.

There have been mentions of Bubblewrap as an alternative. I just now heard about it. Anyone have any thoughts on it and how it compares to Firejail?

@FinlayDaG33k I agree some users may not like the CLI. I like the CLI for most things but it does take some getting used to.

On the upside, there is a firejail configuration tool. You should check it out. Here is a screenshot:


Oh, I’m fine with a CLI, I just like using a GUI more because then I don’t have to put down my pen as much (I use a drawing tablet as mouse) and it makes a lower entry-barrier in general (which, in my opinion, is always a good thing).

That configuration tool is quite neat, does it come with it by default? If not, Parrot should definitely include it.

  • Pros: jailed
  • Cons:
  1. There are apps that can’t work because of Firejail’s D-Bus bug.
  2. It uses the setuid method -> higher risk. Any 0day could be a killer for the system.
  3. We cannot manage all profiles perfectly.

I use Firejail, and sometimes Firetools to create a specific profile. Some people have questions about flaws, attack surface, 0days… Why not invite the maintainer and creator of Firejail, Netblue, to come and discuss with us and allow the community to have the answers that this debate wants to raise?


That could be an element to consider, but… Nothing is free of bugs, and bugs will be fixed… Don’t you think?

Speaking of Firejail, there’s Firetools, which helps users 🙂

Bugs can be fixed, but a flaw in design can’t. I love the sandbox or any virtual environment to protect users, but we need more advanced research.

How about this tool?

A script to create profile from bubblewrap

I honestly believe that Firejail is one of the best tools we have in ParrotOS, but it is usually a problem for some applications that cannot run in a sandboxed environment.
The profiles created by the team are quite good, but not perfect; it is up to each user to create profiles that fit their needs, and they must be experienced users. Firejail makes it difficult for non-experienced users to use ParrotOS comfortably, so we are changing security for convenience. I think Firejail should be optional, for each user to decide if they want to use it or not. In my case I will continue to use it until we have something better; the profiles fit enough to my needs, and if not I adjust myself, but not all users think in this way.
Either we make using Firejail easier for non-experienced users or we give users a choice if they want to use it or not.

Yes! Ye! YES! Very useful and adds an extra layer of confidence and the satisfaction that I can customise an application or even lock it down just the way I want - to ensure my laptop is more secure.

My first Parrot editions all had Firejail and it annoyed the hell out of me at the start as I did not know what was going on… Now I have adjusted to it I could not live without it!

Granted, some programs are an issue and should just be totally exceptioned.