Linux command
firejail 命令
安全
权限或系统影响较大,执行前请核对目标。
常用示例
Integrate
sudo firecfg
Example
firejail [firefox]
Example
firejail --net=[eth0] --ip=[192.168.1.244] [/etc/init.d/apache2] [start]
List
firejail --list
Example
firejail --netstats
Shutdown
firejail --shutdown=[7777]
Example
firejail --seccomp --private --private-dev --private-tmp --protocol=inet firefox --new-instance --no-remote --safe-mode --private-window
Example
firejail --hosts-file=[~/myhosts] [curl http://mysite.arpa]
说明
firejail securely sandboxes processes using Linux namespaces, seccomp-bpf, and capabilities. It isolates applications from the rest of the system for security. Provides per-application profiles for common programs like Firefox and VLC.
参数
- --list
- List running sandboxes
- --netstats
- Show network activity
- --shutdown _pid_
- Stop sandbox by PID
- --net _interface_
- Use network namespace
- --ip _address_
- Assign IP address
- --seccomp
- Enable seccomp filtering
- --private
- Use private home directory
- --private-tmp
- Use private /tmp
- --private-dev
- Use private /dev
FAQ
What is the firejail command used for?
firejail securely sandboxes processes using Linux namespaces, seccomp-bpf, and capabilities. It isolates applications from the rest of the system for security. Provides per-application profiles for common programs like Firefox and VLC.
How do I run a basic firejail example?
Run `sudo firecfg` in a terminal, then adjust file names, paths, flags, or remote targets for your system.
What does --list do in firejail?
List running sandboxes