Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
This Ansible role allows you to setup and configure Firejail.
- Install Firejail from jessie-backports or other configured APT repositories. debops.apt can be used to enable Backports if needed.
- Sandbox programs system wide by placing a symlink to
firejailcan wrap program invocations and sandbox the invoked program using security profiles that Firejail ships or that the system administrator defines.
This role requires at least Ansible
v2.1.3. To install it, run:
ansible-galaxy install debops-contrib.firejail
More information about
debops-contrib.firejail can be found in the
official debops-contrib.firejail documentation.
Are you using this as a standalone role without DebOps?
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
Authors and license