Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.

Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel version or newer. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are implemented directly in Linux kernel and available on any Linux computer. The program is released under GPL v2 license.

Firejail can sandbox any type of processes: servers, graphical applications, and even user login sessions. The software includes security profiles for a large number of Linux programs: Mozilla Firefox, Chromium, VLC, Transmission etc. To start the sandbox, prefix your command with “firejail”:

$ firejail firefox                       # starting Mozilla Firefox
$ firejail transmission-gtk              # starting Transmission BitTorrent 
$ firejail vlc                           # starting VideoLAN Client
$ sudo firejail /etc/init.d/nginx start  # starting nginx web server

To protect user’s privacy, we deploy a very strict Mandatory Access Control (MAC) on top of the existing file system. Access to passwords, encryption keys, and private data is blocked for more than 1000 different desktop applications. As a general rule, networked apps and games have access only to configuration files and Downloads directory.

We also develop two additional sandbox subprojects:

Firetools is the graphical user interface of Firejail. The application is built using Qt5 libraries. It provides a sandbox launcher integrated with the system tray, sandbox editing, management and statistics. (development page)

FDNS is a DNS over HTTPS (DoH) proxy server. FDNS protects your computer against some of the most common cyber threats,. We use only DoH services from non-logging providers (development page)

About Us

Firejail is a community project. We are not affiliated with any company, and we don’t have any commercial goals. Our focus is the Linux desktop. Home users and Linux beginners are our target market. The software is built by a large international team of volunteers on GitHub. Expert or regular Linux user, you are welcome to join us!

Security bugs are taken seriously, please email them to netblue30 at protonmail.com

News

November 2025 – released FDNS 0.9.76. This release brings in support for DNS over QUIC, a much larger server list, a full rebuild of the adblocking filters, and lots of bugfixes. Release Notes

August 2025 – released Firejail version 0.9.76. This is an emergency release! Due to an xorg change in the xkeyboard-config package (https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config), many/most xorg programs were rendered completely broken when running under firejail 0.9.74. The issue was brought up by Arch Linux users, currently affected by this problem. In this release there are also a small number of new features, and lots of bugfixes. Release Notes

March 2025 – released Firejail version 0.9.74. In this release we introduce a large number of new features, bugfixes, and new application profiles. We also added experimental support for Landlock, a new stackable Linux Security Module (LSM) still under heavy development in the Linux kernel. Release Notes

October 2024 –released FDNS 0.74.2 bugfixes! Release Notes

September 2024 – released FDNS 0.0.74. The software went trough a major cleanup, and several rarely used features have been removed: –debug-ssl, –proxy-addr-any, –cache-ttl, –log-timeout, –blacklist, –qps, –unlist, –disable-local-doh, –disable-syslog, –transport, and –fallback-only. In addition, we implemented several new features, such as keepalive autodetection, streamlined some of the existing functionality, a full rebuild of adblock filters, and lots of bugfixes. The server count is around 280. Release Notes

October 2023 – released FDNS 0.9.72. In this release we continue the development of our nxdomain tool, streamlined some of the least-used features, and added --disable-syslog command line option. The adblock filters have been fully rebuilt, we introduced a new phishing filter, and updated the server list. Release Notes

January 2023 – released Firetools version 0.9.72. Release Notes

January 2023 – released Firejail version 0.9.72. In this release we introduce a new seccomp filter for restricting the creation of Linux namespaces, and continue with the implementation of our network tracing feature. There are also lots of security updates, bug fixes, and new application profiles. Release Notes

External Projects

• HOWTO: Firejailed Tor Browser
• fjp is a handy command line program to work fast and straightforward with firejail profiles.
• Fireinvoke is a program that allows to easily run appimages and programs extracted from archives in the firejail sandbox by running simple command or by just double clicking it in file manager.
• fire-install installs programs from archives and appimages into ~/.programs and creates launchers in ~/.local/bin. The programs are executed with fireinvoke.
• Firewarden is a bash script used to open a program within a private Firejail sandbox.
• Ansible role to setup Firejail
• firejail-extras: Arch Linux AUR package containing extra security profiles for Firejail
• https://github.com/chiraag-nataraj/firejail-profiles – This is a collection of tighter security profiles maintained by a member of Firejail development team.
• Firejail package on SlackBuilds.org
• ansible-firejail – Ansible playbook for Firejail.