Firejail – Securely Run Untrusted Applications in Linux

Sometimes you may want to use applications that have not been well tested in different environments, yet you must use them. In such cases, it is normal to be concerned about the security of your system. One thing that can be done in Linux is to use applications in a sandbox.

“Sandboxing” is the ability to run an application in a limited environment. That way the application is given only the restricted set of resources it needs to run. Thanks to an application called Firejail, you can safely run untrusted applications in Linux.

Firejail is a SUID (Set Owner User ID) application that decreases the exposure to security breaches by limiting the running environment of untrusted programs using Linux namespaces and seccomp-bpf.

It gives a process and all its descendants their own private view of the globally shared kernel resources, such as the network stack, process table and mount table.

Some of the features that Firejail uses:

  • Linux namespaces
  • Filesystem container
  • Security filters
  • Networking support
  • Resource allocation

Detailed information about Firejail features can be found on the official page.

How to Install Firejail in Linux

The installation can be completed by downloading the latest source from the project’s GitHub page using the git command as shown.

$ git clone
$ cd firejail
$ ./configure && make && sudo make install-strip

In case you don’t have git installed on your system, you can install it with:

$ sudo apt install git  [On Debian/Ubuntu]
# yum install git       [On CentOS/RHEL]
# dnf install git       [On Fedora 22+]

An alternative way of installing Firejail is to download the package for your Linux distribution and install it with its package manager. The files can be downloaded from the project’s SourceForge page. Once you have downloaded the file, you can install it with:

$ sudo dpkg -i firejail_X.Y_1_amd64.deb   [On Debian/Ubuntu]
$ sudo rpm -i firejail_X.Y-Z.x86_64.rpm   [On CentOS/RHEL/Fedora]

How to Run Applications with Firejail in Linux

You are now ready to run your applications with firejail. This is accomplished by launching a terminal and adding firejail before the command you wish to run.

Here is an example:

$ firejail firefox    # start Firefox web browser
$ firejail vlc        # start VLC player

Create Security Profile

Firejail includes many security profiles for different applications and they are stored in:


If you have built the project from source, you can find the profiles in:

# path-to-firejail/etc/

If you have used the rpm/deb package, you can find the security profiles in:


Users should place their profiles in the following directory:


If you want to extend an existing security profile, you can use include with the path to that profile and add your own lines afterwards. It should look something like this:

$ cat ~/.config/firejail/vlc.profile

include /etc/firejail/vlc.profile
net none

If you wish to deny an application access to a certain directory, you can use a blacklist rule. For example, you can add the following to your security profile:

blacklist ${HOME}/Documents

Another way to achieve the same result is to actually describe the full path to the folder you wish to restrict:

blacklist /home/user/Documents

There are many different ways in which you can configure your security profiles, such as disallowing access, allowing read-only access etc. If you are interested in building custom profiles, you can check the following firejail instructions.
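
The profile steps above can be scripted. The following is an added example, not code from the article or from the Firejail project: it writes a user profile that includes the packaged one, adds net none and adds one blacklist line per directory. The function name make_profile and its arguments are made up for this sketch, and it assumes the packaged profile lives in /etc/firejail as in the vlc example above.

```shell
#!/bin/sh
# Added example: write a per-user Firejail profile that extends the packaged
# one, disables networking and hides directories under $HOME.
# make_profile and its arguments are hypothetical names for this sketch.

# usage: make_profile APP CONFIG_DIR [DIR_UNDER_HOME ...]
make_profile() {
    [ "$#" -ge 2 ] || { echo "usage: make_profile APP CONFIG_DIR [DIR ...]" >&2; return 64; }
    app=$1; conf_dir=$2; shift 2
    # APP becomes a file name, so allow only safe characters (no "/").
    case $app in
        ''|*[!A-Za-z0-9._-]*) echo "invalid application name: $app" >&2; return 1 ;;
    esac
    out=$conf_dir/$app.profile
    # Never silently replace a profile the user already maintains.
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2; return 2
    fi
    # Validate every directory before anything is written.
    for dir in "$@"; do
        case $dir in
            ''|/*|..|../*|*/..|*/../*) echo "not a path under HOME: $dir" >&2; return 3 ;;
        esac
    done
    mkdir -p "$conf_dir" || return 4
    {
        # Start from the packaged profile, then append the extra restrictions.
        printf 'include /etc/firejail/%s.profile\n' "$app"
        printf 'net none\n'
        for dir in "$@"; do
            # ${HOME} stays literal here; Firejail expands it at load time.
            printf 'blacklist ${HOME}/%s\n' "$dir"
        done
    } > "$out"
    printf '%s\n' "$out"
}

# Demo in a throwaway directory (constructed input): prints the generated profile.
demo_dir=$(mktemp -d)
make_profile vlc "$demo_dir" Documents >/dev/null && cat "$demo_dir/vlc.profile"
rm -rf "$demo_dir"
```

For real use, pass ~/.config/firejail as the second argument, the location of the user profile shown in the vlc example above.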

Firejail is an awesome tool for security-minded users who want to protect their system.

2 thoughts on “Firejail – Securely Run Untrusted Applications in Linux”

  1. Firejail can be used to sandbox and secure ANY application, whether trusted or untrusted.

    Firejail users should also download/install Firetools package which provides a GUI front end for Firejail as well as other helpful options.

