• Firejail

    #2531340

    I am considering installing Firejail to sandbox Firefox and Thunderbird.  I understand that when I want to download something, Firejail will send it to the Downloads folder, but other locations are restricted.  I am not sure what it does with items I want to attach to outgoing emails; I have read claims that these items must first be moved to the Downloads folder and then pulled from there.  Evidently, Firejail will allow me to whitelist other folders, but my current practice of downloading to the Desktop may not survive, given that it would place everything on the Desktop inside the sandbox.

    The articles I have read fail to address what happens after the file is downloaded to the Downloads folder.  Firejail seemingly would be of little use if my next step was to transfer the file to another folder outside the sandbox or copy it to a flash drive for transfer to my offline computer.  Currently, an AV program on that computer scans any connected flash drive before its files are copied over.  But even the act of copying them from the Downloads folder to the flash drive would seem to expose the internet computer to malware.

    So is the expectation that the downloaded file will be scanned while it is still sitting in the Downloads folder, inside the sandbox?  If so, with what?

    • This topic was modified 1 month, 3 weeks ago by wdburt1.
    • #2531371

      Sandboxing and firejail are more to prevent a website from automatically installing a virus or snooping private data from your computer (non-browser data).  If you intentionally download a file, if it is a non-executable it should be safe unless a media player has an exploit.  If it is a file intended to execute, you are right, it should be virus scanned before being run.  Your download folder should probably not have execute permissions, and yes you would copy and virus scan to another folder for “installers” or such.  However almost all the time you should be installing software through your package manager, flatpak or snap, right?

      This has an ok disclaimer about what sandboxing is and isn’t for:

      https://www.reddit.com/r/firejail/comments/ztezr3/what_is_firejail/

      1 user thanked author for this post.
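
The copy-and-scan step mentioned in the reply above, written out as an added example that is not part of the thread. The function name `stage_download`, the staging directory, and the `SCANNER` variable are assumptions for illustration; `SCANNER` stands for whatever scanner command is installed, as long as it exits 0 only for a clean file.

```shell
#!/bin/sh
# Added example (not from the thread). SCANNER is an assumption: any command
# that takes a file path and exits 0 only when the file is clean, which is
# how ClamAV's clamscan reports a clean file.

# stage_download SRC STAGE_DIR
# Copies SRC into STAGE_DIR without execute bits, scans that copy, and keeps
# it only if the scan passes. Prints the staged path on success.
# Returns 0 = staged, 1 = scan rejected the file, 2 = usage or I/O error.
stage_download() {
    src=$1
    stage_dir=$2
    if [ -z "${SCANNER:-}" ]; then
        echo "SCANNER is not set" >&2; return 2
    fi
    # Refuse symlinks and directories: only plain files are staged.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "not a regular file: $src" >&2; return 2
    fi
    mkdir -p -- "$stage_dir" || return 2
    dest="$stage_dir/$(basename -- "$src")"
    part="$dest.part"
    if [ -e "$dest" ] || [ -e "$part" ]; then
        echo "already present in staging: $dest" >&2; return 2
    fi
    # Copy first, then scan the copy, so the bytes that were scanned are
    # the bytes that leave the download folder.
    cp -- "$src" "$part" || return 2
    chmod 0600 "$part" || { rm -f -- "$part"; return 2; }
    # SCANNER is left unquoted on purpose so it may carry its own options.
    if ! $SCANNER "$part" >/dev/null 2>&1; then
        rm -f -- "$part"
        echo "scan rejected: $src" >&2
        return 1
    fi
    mv -- "$part" "$dest" || return 2
    printf '%s\n' "$dest"
}
```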