This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Control firejail desktop integration.

Project Description

Firectl

Firectl is a tool to integrate Firejail sandboxing in the Linux desktop. Enable Firejail for an application and enjoy a more secure desktop.

Usage

To see which applications you can enable:

firectl status

To enable Firejail for a program:

sudo firectl enable firefox

To disable Firejail for a program:

sudo firectl disable firefox

After enabling a program, it will start within a Firejail when launched via the menu or the file manager. To test if it’s working: open a terminal and execute watch firejail --list. This lists all active Firejail sandboxes. Then start an enabled application and look for it in that terminal. Note that applications launched from the terminal or from scripts with their full path, will not be in a Firejail, unless explicitly done so. (So firefox is sandboxed, but /usr/bin/firefox is not.)

The enable/disable commands work with multiple programs at the same time:

sudo firectl enable chromium dropbox evince firefox thunderbird

and for all programs: sudo firectl enable --all.

Alternative: firecfg

Firectl was made before Firejail had its own tool for desktop integration. Firejail 0.9.40+ ships with a tool called firecfg. Look at the Linux Mint Sandboxing Guide and the manual: man firecfg and decide if you still need firectl or if firecfg is enough.

Firectl uses two methods for desktop integration: by modifying the desktop files to run with Firejail and by linking programs to Firejail in /usr/local/bin. This second method is also employed by firecfg. Thats why firecfg and firectl offer similar desktop integrations. There are only very rare cases where the integration is better with firectl.

The main difference is in the interface. Running sudo firecfg enables Firejail for all programs, individual programs can then be disabled by removing them from /usr/local/bin. Firectl provides a nice interface to enable/disable individual programs.

Debian/Ubuntu

For Debian and Ubuntu systems install the deb at https://github.com/rahiel/firectl/releases.

Other distro’s

Restoring

Firectl modifies the system’s desktop files, the files that tell the system which user applications are installed and how to run them. When these applications are updated, the desktop files are also updated, disabling Firejail. The firectl settings need to be restored. (Note that for Debian/Ubuntu systems, installing the deb file takes care of this and no manual restoring is necessary.)

For now you have to manually restore Firejail settings after upgrades:

sudo firectl restore

Install

Install firectl with pip:

sudo pip3 install firectl

Uninstall

To uninstall firectl:

sudo firectl disable --all
sudo pip3 uninstall firectl
sudo rm /etc/firejail/firectl.conf

More security

If you require even more security, the next sensible step is to use an operating system that is built from the ground-up with security in mind. Notable examples are Subgraph OS and Qubes OS.

Release History

Release History

This version
History Node

1.1.0

History Node

1.0.2

History Node

1.0.1

History Node

1.0

History Node

0.2.5

History Node

0.2.4

History Node

0.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
firectl-1.1.0-py3-none-any.whl (8.6 kB) Copy SHA256 Checksum SHA256 py3 Wheel May 27, 2017
firectl-1.1.0.tar.gz (5.6 kB) Copy SHA256 Checksum SHA256 Source May 27, 2017

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting