**** DONE Firejail :software:blog:privacy:security: CLOSED: [2017-03-11 Sat 22:39] :PROPERTIES: :ID: 2017-03-11-firejail :CREATED: [2017-03-11 Sat 22:29] :END: :LOGBOOK: - State "DONE" from "NEXT" [2017-03-11 Sat 22:39] :END: [[https://chemnitzer.linux-tage.de/2017/de/programm/beitrag/236][Stefan Schumacher mentioned]] [[https://firejail.wordpress.com/][Firejail]] in his talk today. It's a relatively new tool to run arbotrary GNU/Linux application in a sandbox environment. For example =firejail firefox= starts a standard FireFox browser with the FireFox Firejail profile that is part of the default package of Firejail. There are many other pre-defined profiles for other applications as well. Of course you can overwrite or create new profiles. Profiles define white- or black-lists for read/write access on directories, network bandwidth, firewall rules, and so forth. Really powerful when you don't want to run more elaborate stuff such as [[https://www.qubes-os.org/][Qubes OS]].