The officially official Devuan Forum!

You are not logged in.

#1 2022-04-21 01:14:16

Registered: 2020-08-10
Posts: 26  

Firejail security concerns

11 months ago, the Alpine Linux team withdrew firejail from their repositories, citing security concerns with it:

This looks like it was a sudden thing, and is a little annoying because the suggested Bubblejail replacement is not working properly for me (Alpine v3.15.4; not edge).

Does anyone know if it is likely to vanish from Debian/Devuan for similar reasons?  If so, is there/will there be a good, KISS, easy-to-use alternative?

Last edited by dvnUsr (2022-04-21 01:19:01)


#2 2022-04-21 02:30:58

From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 779  

Re: Firejail security concerns

You might possibly enjoy overlay-boot in Devuan's experimental repository.
It's a couple of scripts using unshare for namespace separation.

Add the following line to your sources.list for installing it

deb experimental main


#3 2022-04-25 13:30:47

From: London
Registered: 2019-03-24
Posts: 2,733  

Re: Firejail security concerns

dvnUsr wrote:

if it is likely to vanish from Debian/Devuan for similar reasons?

I wouldn't think so. Alpine place considerably more emphasis on security than Debian — they don't even apply the unprivileged user namespaces sysctl patch to their kernel, unlike Debian.

"Who's the idiot in charge?" — ralph.ronnquist


#4 2022-05-28 17:38:34

Registered: 2019-06-12
Posts: 76  

Re: Firejail security concerns

firejail from my experience has been pretty good. Issue is when you start running untrusted programs and required to hash out seccomp for hardware and/or syscall access. Along with other security settings that otherwise would make it pretty solid choice.

Last edited by czeekaj (2022-05-28 17:39:41)


Board footer