Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf.
This Ansible role allows you to setup and configure Firejail.
- Install Firejail from jessie-backports or other configured APT repositories. debops.apt can be used to enable Backports if needed.
- Sandbox programs system wide by placing a symlink to
firejailinto thePATHso thatfirejailcan wrap program invocations and sandbox the invoked program using security profiles that Firejail ships or that the system administrator defines.
This role requires at least Ansible v2.1.3. To install it, run:
ansible-galaxy install debops-contrib.firejailMore information about debops-contrib.firejail can be found in the
official debops-contrib.firejail documentation.
Please note that this repository is not the upstream repository where changes should be contributed to. Head over to https://github.com/debops/debops where you can find the contents of this repo and where changes are welcome.
You may need to include missing roles from the DebOps common playbook into your playbook.
Try DebOps now for a complete solution to run your Debian-based infrastructure.
- Robin Schneider (maintainer) | e-mail | GitHub
License: GPL-3.0
This role is part of DebOps Contrib. README generated by ansigenome.