Firejail

Security sandbox for restricting untrusted applications on Linux

Security linux C GPL-2.0

Description

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It provides sandboxing with minimal configuration.

AI Summary

Security sandbox that restricts untrusted applications using Linux namespaces and seccomp-bpf

Capabilities

+ Sandbox untrusted applications
+ Restrict filesystem access
+ Limit network access for applications
+ Use Linux namespaces for isolation
+ Apply seccomp-bpf filters

Use When

→ When running untrusted applications securely
→ When sandboxing browser or other network-facing apps

Avoid When

x On non-Linux platforms

View AGENTS.md for Firejail