firejail online with Winfy

We have hosted the application firejail in order to run this application in our online workstations with Wine or directly.

Quick description about firejail:

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer.

Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc.

Features:

• Linux namespaces
• Filesystem container: local filesystem, chroot filesystem, overlay filesystem
• Four security filters: seccomp, protocol, noroot user namespace, Linux capabilities
• Custom security profiles
• Resource allocation: Linux control groups and rlimits
• Networking support
• Statistics and monitoring
• Graphical user interface

.