Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
This Ansible role allows you to setup and configure Firejail.
- Install Firejail from jessie-backports or other configured APT repositories. debops.apt can be used to enable Backports if needed.
- Sandbox programs system wide by placing a symlink to
firejailcan wrap program invocations and sandbox the invoked program using security profiles that Firejail ships or that the system administrator defines.
This role requires at least Ansible
v2.1.3. To install it, run:
ansible-galaxy install debops-contrib.firejail
More information about
debops-contrib.firejail can be found in the
official debops-contrib.firejail documentation.
Please note that this repository is not the upstream repository where changes should be contributed to. Head over to https://github.com/debops/debops where you can find the contents of this repo and where changes are welcome.
Are you using this as a standalone role without DebOps?
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
Authors and license