[GH-ISSUE #1227] How secure is firejail for unknown programs? #835

Closed
opened 2026-05-05 06:56:56 -06:00 by gitea-mirror · 6 comments

Originally created by @peterzhu2118 on GitHub (Apr 16, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1227

I'm currently writing a program that will run unknown code submitted by other people. Would firejail be a good solution so that if malicious code is submitted, it will not affect the system? Are there cases where outer system resources can be accessed or cases where firejail can be breached?


@Ferroin commented on GitHub (Apr 17, 2017):

Whether or not Firejail will work really depends on what degree of security you want and what your specific use case is. Regardless of that, there's always the possibility that there's a bug somewhere that could cause a security breach, but in the case of firejail, it's statistically more likely to be in the kernel than firejail itself (the actual security stuff that firejail does is actually done by the kernel, not firejail itself, it just gets set up by firejail).

Depending on how secure you want things and how much you care about performance, you've got roughly four options:

  1. Run the code in firejail with as much isolation as possible. This will get you reasonable security and probably the best performance short of just running the code un-isolated.
  2. Run the code in a QEMU VM with acceleration enabled. This will get you slightly better isolation than firejail (and present a very different attack surface), but will not get you quite the same performance.
  3. Run the code in a QEMU VM with acceleration disabled (no KVM, no VirtIO). This will provide better isolation than option 2, but will have worse performance.
  4. Run the code in a QEMU VM with acceleration disabled which is itself running inside firejail. Adding firejail outside the QEMU VM should close up any remaining holes, and won't hurt performance much once you're running without acceleration. Unfortunately, you can't use KVM inside a firejail sandbox without the risk of severely compromising the security provided by firejail, so running QEMU accelerated inside firejail isn't exactly an option.

If you're working on something like BOINC (distributed cluster computing), I would suggest looking at what they do, specifically the Leiden Classical project (they let users submit jobs, so I assume they have something in place to provide a security guarantee to their users).


@peterzhu2118 commented on GitHub (Apr 17, 2017):

@Ferroin Thanks for the great answer! I'm actually looking to write something that allows users to submit their own code to run on my server. For option 4, you are suggesting for me to run a QEMU VM inside of a firejail instance right? Can a QEMU VM reset itself quickly after every submission for something like a "factory reset"? I've used firejail for this purpose before and since it's just an overlay on the kernel, every new instance I create is "resetted" so if one person submitted something malicious, it won't affect the next person.

Do you know any online hosting services (like AWS, Rackspace, Google Cloud, etc.) that provide this kind of sandboxing service?


@Ferroin commented on GitHub (Apr 17, 2017):

Yes, the fourth item was suggesting running a QEMU VM inside a firejail instance (I actually do this on my own systems on occasion when inspecting untrusted code, and adding firejail outside of QEMU imposes almost no overhead). For resetting quickly, most of what you need there is for the actual software in the VM itself to initialize quickly, QEMU can do the equivalent of a hardware reset almost instantly (assuming you have good host hardware of course), and if you go the route of a [buildroot](https://buildroot.org/) based guest, you can have it reset and ready to run the next program in at most a couple of seconds (the best I've managed for something like this in QEMU is 1.3 seconds, but that took a huge amount of work to achieve).

As far as hosting services, AWS EC2 Container service or Amazon Lightsail might do what you need, I'm not certain regarding any other platforms (I've only ever used AWS and Linode for hosting, and Linode probably doesn't provide the degree of security you want). Regardless of that, I would still suggest doing some form of sandboxing inside the hosted instance yourself, just to be extra certain.
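
Options 1 and 4 from the first answer, together with the per-submission reset discussed in this reply, written out as an added example that is not part of the thread or of the firejail project. The paths, memory size and limits are constructed placeholders, and the helper names `run`, `sandbox` and `sandbox_vm` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Paths and limits are constructed
# placeholders. With DRY_RUN set (the default here) commands are printed,
# not executed, so the script runs without firejail or QEMU installed.
DRY_RUN=${DRY_RUN-1}

run() {
    if [ -n "$DRY_RUN" ]; then echo "$*"; else "$@"; fi
}

# Option 1: the untrusted program directly in firejail.
#   --private      throwaway home directory, discarded when the sandbox exits
#   --private-dev  minimal /dev without /dev/kvm
#   --private-tmp  empty /tmp for this sandbox only
#   --net=none     new network namespace with only a loopback interface
#   --caps.drop=all --nonewprivs --noroot --seccomp
#                  no capabilities, no privilege gain through exec,
#                  no root user in the namespace, default syscall filter
#   --rlimit-fsize / --timeout
#                  bound the file size and wall-clock time of each job
sandbox() {
    run firejail --quiet --private --private-dev --private-tmp --net=none \
        --caps.drop=all --nonewprivs --noroot --seccomp \
        --rlimit-fsize=16777216 --timeout=00:00:30 -- "$@"
}

# Option 4: QEMU without acceleration, itself inside the same sandbox.
#   -accel tcg       software emulation only, so KVM is never requested
#   -nic none        no guest network device; no VirtIO devices are added
#   -kernel/-initrd  the guest root lives in RAM, so every boot starts from
#                    the same image: the reset between submissions
# $1 = guest kernel, $2 = guest initramfs (for example buildroot output)
sandbox_vm() {
    sandbox qemu-system-x86_64 -accel tcg -m 256 -nographic -no-reboot \
        -nic none -kernel "$1" -initrd "$2" \
        -append "console=ttyS0 panic=-1"
}

# Show both command lines (constructed paths).
sandbox /opt/jobs/submission
sandbox_vm /opt/guest/bzImage /opt/guest/rootfs.cpio
```

Run with `DRY_RUN=` (empty) to execute the commands instead of printing them.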


@peterzhu2118 commented on GitHub (Apr 17, 2017):

@Ferroin I have been looking at the AWS EC2 Container service. I haven't had much experience with Docker but from what I can tell it seems to be the perfect solution. Correct me if I'm wrong but each Docker instance seems to be isolated and can be easily reset every time to a default. And since I'm not hosting it myself it should be even more reliable. Am I correct? What can go wrong if I use this service?


@Ferroin commented on GitHub (Apr 17, 2017):

I don't know 100% for certain myself how well Docker isolates things. I do know that both Docker and firejail use the same underlying technologies to isolate things, but they use them differently (for example, I'm pretty sure that firejail doesn't provide any UID remapping, while Docker does). The key difference lies in what they are designed for, firejail is designed to allow a single user to quickly and easily run untrusted code (and from what I've seen, it's one of the best options for this available), while Docker is designed as an application-specific VM or VServer replacement. Given what you've described as your requirements, it sounds like Docker is more in-line with what you want to do than firejail simply because it was designed for this type of thing, while firejail wasn't really.

Now, depending on how much experience you have with coding, it might be best to write your own tool to do this, as Docker may be a bit heavier than you want (not in terms of security, but in terms of runtime and management overhead). If you do go this route, firejail and docker (as well as Google's lmctfy, Gentoo's sandbox program, and a couple of other similar tools) would probably be a good reference on how to do it.

As far as things like failure modes for hosted services, you're probably better off talking with the hosting providers about that.


@peterzhu2118 commented on GitHub (Apr 19, 2017):

@Ferroin Ok thank you so much for this info! I will try things out to see which one is the best.
