Dev1 Galaxy Forum / Firejail security concerns

Re: Firejail security concerns

dummy@example.com (czeekaj) — Sat, 28 May 2022 17:38:34 +0000

firejail from my experience has been pretty good. Issue is when you start running untrusted programs and required to hash out seccomp for hardware and/or syscall access. Along with other security settings that otherwise would make it pretty solid choice.

Re: Firejail security concerns

dummy@example.com (Head_on_a_Stick) — Mon, 25 Apr 2022 13:30:47 +0000

dvnUsr wrote:

if it is likely to vanish from Debian/Devuan for similar reasons?

I wouldn't think so. Alpine place considerably more emphasis on security than Debian — they don't even apply the unprivileged user namespaces sysctl patch to their kernel, unlike Debian.

Re: Firejail security concerns

dummy@example.com (ralph.ronnquist) — Thu, 21 Apr 2022 02:30:58 +0000

You might possibly enjoy overlay-boot in Devuan's experimental repository.
It's a couple of scripts using unshare for namespace separation.

Add the following line to your sources.list for installing it

deb http://pkgmaster.devuan.org/devuan experimental main

Firejail security concerns

dummy@example.com (dvnUsr) — Thu, 21 Apr 2022 01:14:16 +0000

11 months ago, the Alpine Linux team withdrew firejail from their repositories, citing security concerns with it:

https://gitlab.alpinelinux.org/alpine/a … sues/12643

This looks like it was a sudden thing, and is a little annoying because the suggested Bubblejail replacement is not working properly for me (Alpine v3.15.4; not edge).

Does anyone know if it is likely to vanish from Debian/Devuan for similar reasons? If so, is there/will there be a good, KISS, easy-to-use alternative?