For this lab, you'll create a virtual machine with your favorite flavor of desktop Ubuntu. Let's get started:
- Create a virtual machine with your favorite Ubuntu flavor. To use Lubuntu, as I do, just use this the following download link: http://cdimage.ubuntu.com/lubuntu/releases/18.04/release/lubuntu-18.04.3-desktop-amd64.iso.
- Update the VM using the following command:
sudo apt update
sudo dist-upgrade
Then, reboot the machine.
- Install Firejail, LibreOffice, and Chromium:
sudo apt install firejail libreoffice chromium-browser
- In one Terminal window, start Chromium without any kernel capabilities:
firejail --caps.drop=all chromium-browser
- Surf to various websites to see if everything works as it should.
- In another Terminal window, start LibreOffice, also without any capabilities:
firejail --caps.drop=all libreoffice
- Create the various types of LibreOffice documents and try out various LibreOffice functions to see how much still works properly.
- Shut down both Chromium and LibreOffice.
- Configure Firejail so that it automatically sandboxes every application you start, even if you do this from the normal Start menu:
sudo firecfg
- Look at the symbolic links that were created:
ls -l /usr/local/bin
- Try to open Firefox from the normal menu. Unless things have been fixed since I wrote this, you should see nothing but blank browser pages. So, shut down Firefox.
- Okay; so you won't be able to sandbox Firefox. To be able to run Firefox without Firejail, just delete its symbolic link from the /user/local/bin directory, like so:
sudo rm /usr/local/bin/firefox
- Try to run Firefox again. You should see that it starts normally.
You've completed this lab – congratulations!
There are a lot more Firejail options than what I can show you here. For more information, see the Firejail man page and the documentation on the Firejail website.
So far, you've seen both the good and the bad of using Firejail. Next up, we'll look at a couple of universal packaging systems for Linux.