You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-04-21 01:14:16
- dvnUsr
- Member
- Registered: 2020-08-10
- Posts: 25
Firejail security concerns
11 months ago, the Alpine Linux team withdrew firejail from their repositories, citing security concerns with it:
This looks like it was a sudden thing, and is a little annoying because the suggested Bubblejail replacement is not working properly for me (Alpine v3.15.4; not edge).
Does anyone know if it is likely to vanish from Debian/Devuan for similar reasons? If so, is there/will there be a good, KISS, easy-to-use alternative?
Last edited by dvnUsr (2022-04-21 01:19:01)
Offline
#2 2022-04-21 02:30:58
- ralph.ronnquist
- Administrator
- From: Clifton Hill, Victoria, AUS
- Registered: 2016-11-30
- Posts: 710
Re: Firejail security concerns
You might possibly enjoy overlay-boot in Devuan's experimental repository.
It's a couple of scripts using unshare for namespace separation.
Add the following line to your sources.list for installing it
deb http://pkgmaster.devuan.org/devuan experimental mainOffline
#3 2022-04-25 13:30:47
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 2,429
Re: Firejail security concerns
if it is likely to vanish from Debian/Devuan for similar reasons?
I wouldn't think so. Alpine place considerably more emphasis on security than Debian — they don't even apply the unprivileged user namespaces sysctl patch to their kernel, unlike Debian.
To obtain a root shell use su -. Using just su will result in "command not found" messages.
Offline
#4 2022-05-28 17:38:34
- czeekaj
- Member
- Registered: 2019-06-12
- Posts: 76
Re: Firejail security concerns
firejail from my experience has been pretty good. Issue is when you start running untrusted programs and required to hash out seccomp for hardware and/or syscall access. Along with other security settings that otherwise would make it pretty solid choice.
Last edited by czeekaj (2022-05-28 17:39:41)
Offline
Pages: 1
