The officially official Devuan Forum!

You are not logged in.

#1 2022-04-21 01:14:16

dvnUsr
Member
Registered: 2020-08-10
Posts: 24  

Firejail security concerns

11 months ago, the Alpine Linux team withdrew firejail from their repositories, citing security concerns with it:

This looks like it was a sudden thing, and is a little annoying because the suggested Bubblejail replacement is not working properly for me (Alpine v3.15.4; not edge).

Does anyone know if it is likely to vanish from Debian/Devuan for similar reasons?  If so, is there/will there be a good, KISS, easy-to-use alternative?

Last edited by dvnUsr (2022-04-21 01:19:01)

Offline

#2 2022-04-21 02:30:58

ralph.ronnquist
Administrator
From: Clifton Hill, Victoria, AUS
Registered: 2016-11-30
Posts: 695  

Re: Firejail security concerns

You might possibly enjoy overlay-boot in Devuan's experimental repository.
It's a couple of scripts using unshare for namespace separation.

Add the following line to your sources.list for installing it

deb http://pkgmaster.devuan.org/devuan experimental main

Offline

#3 2022-04-25 13:30:47

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 2,381  

Re: Firejail security concerns

dvnUsr wrote:

if it is likely to vanish from Debian/Devuan for similar reasons?

I wouldn't think so. Alpine place considerably more emphasis on security than Debian — they don't even apply the unprivileged user namespaces sysctl patch to their kernel, unlike Debian.


To obtain a root shell use su -. Using just su will result in "command not found" messages.

Offline

#4 2022-05-28 17:38:34

czeekaj
Member
Registered: 2019-06-12
Posts: 71  

Re: Firejail security concerns

firejail from my experience has been pretty good. Issue is when you start running untrusted programs and required to hash out seccomp for hardware and/or syscall access. Along with other security settings that otherwise would make it pretty solid choice.

Last edited by czeekaj (2022-05-28 17:39:41)

Offline

Board footer