Properly configuring Firejail

Firejail Version: 0.9.58.2
Release 4.7 64-bit
Kernel Linux 5.4.0-1parrot1-amd64 x86_64
MATE 1.22.2

a while back I set up firejail by using the sudo firecfg command to active the firejail profile on apps like firefox and vlc. Works fine the firejail profile is mounting properly and appears when using ps aux|grep ‘firejail’.

however I want to block my web browser from seeing my system files so i went ahead and activated apparmor by using the following command: “sudo apparmor_parser -r /etc/apparmor.d/firejail-default”
Correct me if Im wrong but this command should enable apparmor on firejail globally.

after i entered the command i rebooted and started up firefox to see if i could still see my files, unfortunately firefox still has access to them when i enter “file:///home/swiftie/Pictures/” in the URL field.
So i went ahead and tried “firejail --apparmor firefox” https://imgur.com/a/DSTHrOs
firefox opens but im still able to see my files.
I must be doing something wrong here… can someone please help me properly set up firejail with secomp and apparmor.

the firejail project seems to be going full steam, they even have a GUI interface now https://youtu.be/J1ZsXrpAgBU?t=67 if anyone knows how to set that up in parrot that would also be much appreciated!

kind regards.

Hi @Swiftie ,

To help you in the configuration of Firefox with Firejail I give you the link of the official documentation: https://firejail.wordpress.com/documentation-2/firefox-guide/

Then concerning the GUI interface of firejail, the package is called: firetools ( available on our repository ), after the installation you will find: Firejail Configuration Wizard in the Accessories section and Firetools: in the System tools section .

I wait for your news, see you soon.

1 Like

So i just did “sudo apt-get install firetools” i setup my costume profile, when i click “done” firefox opens according to my config, it works for that session. but once I close Firefox, the next time i open it its back to its default config. how do i get my firetools settings to save system wide?

thank you for helping me out :smiley:

Hey @Swiftie , I think that if you want to save a Firejail profile you have to modify it directly in: /etc/firejail , Firetools allows you to launch either the standard profile (/etc/firejail/ ) or a modified but temporary profile ( test , situation needing a particular profile…) , the firefox profile is /etc/firejail/firefox-common.profile , you will find all the info here: https://firejail.wordpress.com/
See u soon.

2 Likes

The syntax is pretty easy for firejail. As @jarfr said, visit this website & once you get the basics clear, go to /etc/firejail and checkout couple of profile via text editor (Pluma?)

Epecially the profiles of Tor, firefox, libreoffice, astrill, Vbox. You’ll get an idea & would be able to modify the profiles (as su) accordingly to your needs :computer_mouse:

2 Likes

Thanks for taking the time to respond to my inquiry! So I played around with Firejail a bit longer and figured out how to edit my Firejail profiles using nano; for example this is my Firefox profile https://imgur.com/a/XV0TcfD
I’ve added a few blacklists to limit access to certain files from my browser. its a very simple sandbox config, let me know if there’s anything else i can add to improve this profile! I don’t care much about proxy or DNS modifications, i care more about exploit and access controls, like no webcam access enforcement. I’m having a hard time finding the individual commands to enforce those controls.
kind regards.

1 Like