          MODULE=firejail
         VERSION=0.9.76
          SOURCE=$MODULE-$VERSION.tar.xz
      SOURCE_URL=https://github.com/netblue30/firejail/releases/download/$VERSION/
      SOURCE_VFY=sha256:6bfaa57e10897f65cc1183b330974d555669d888d6897c7a8739bb1d334d9e4a
        WEB_SITE=http://github.com/netblue30/firejail/
         ENTERED=20160201
         UPDATED=20250731
           SHORT="Linux namespaces and seccomp-bpf sandbox"

cat << EOF
Firejail is a SUID sandbox program that reduces the risk of security breaches
by restricting the running environment of untrusted applications using Linux
namespaces, seccomp-bpf and Linux capabilities. It allows a process and all
its descendants to have their own private view of the globally shared kernel
resources, such as the network stack, process table and mount table.
Firejail can work in a SELinux or AppArmor environment, and it is integrated
with Linux Control Groups.

Written in C with virtually no dependencies, the software runs on any Linux
computer with a 3.x kernel version or newer. It can sandbox any type of
process: servers, graphical applications, and even user login sessions.
The software includes sandbox profiles for a number of more common Linux
programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc.

The sandbox is lightweight and the overhead is low. There are no complicated
configuration files to edit, no socket connections open, no daemons running
in the background. All security features are implemented directly in the
Linux kernel and available on any Linux computer.
EOF
