Hello everyone!
The last couple of days I’ve been investigating ways to make my installation more “secure”, and one of the options that kept appearing in my searches was activating Apparmor or Firejail (or both). Problem is, I also found statements that say it’s really not necessary installing neither (or at least Apparmor).
So, at this point in 2025, is it really worth installing Apparmor? Or just with Firejail is enough? Or, again, neither and just surfing the web with common sense?
I suppose that depends what you are trying to protect against specifically.
I would argue that a properly configured firejail is in some ways more secure than apparmor when used properly.
That being said, depending on your threat model, neither may be needed.
I usually sail the high seas and, well, do some piracy. With Firejail would be enough?
Maybe you should ask this on, well, some other harbor? I think your “mateys” know more about this. And I’m pretty sure that sailing under the black flag is not allowed here.
2 Likes
Aye aye captain. I’ll ask on other harbors. Thanks for the replies!
No. Firejail uses SUID/GUID to achieve sand boxing. Using firejail on its own will not suffice for your threat model. I would recommend that you pair firejail and apparmor together. Read up on both of these and see how they can be paired up.
Also see if SELinux as a LSM will work for you.
Final thought, you may protect the computer that you are on, using firejail. But your home router, other computers on your LAN might still get infected. Additionaly the biggest problem will come for you when you download something. That is the one of the biggest attack vector that you will have to face apart from privacy/anonymity.
DISCLAIMER: Piracy is a crime and is not suggested to be carried out.
Happy hunting.
Please do not use this forum for discussing piracy, or any illegal activities in general. The relevant section from the forum rules is this one: https://forum.endeavouros.com/faq#stealing
“You may not post descriptions of […] stealing someone’s intellectual property (software, video, audio, images), or for breaking any other law.”
Since this seems to be the primary motivation for starting the topic, I’ll go ahead and close it down here.
Anyone who is interested in further discussing AppArmor or Firejail configuration in general is encouraged to start a new topic. Or, consider chiming in on one of the many other recent related discussions in the forum, for example these ones:
6 Likes