Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It includes sandbox profiles for Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission, VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent. DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. Firejail also expands the restricted shell facility found in bash by adding Linux namespace support. It supports sandboxing specific users upon login. Download: https://sourceforge.net/projects/firejail/files/ Build and install: ./configure && make && sudo make install Documentation and support: https://firejail.wordpress.com/ Development: https://github.com/netblue30/firejail License: GPL v2 Compile and install mainline version from GitHub: $ git clone https://github.com/netblue30/firejail.git $ cd firejail $ ./configure && make && sudo make install-strip On Debian/Ubuntu you will need to install git and a compiler: $ sudo apt-get install build-essential Maintainer: - netblue30 (netblue30@yahoo.com) Committers - Fred-Barclay (https://github.com/Fred-Barclay) - Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer) - smithsohu (https://github.com/smitsohu) - SkewedZeppelin (https://github.com/SkewedZeppelin) - startx2017 (https://github.com/startx2017) - 0.9.38-LTS and *bugfixes branches maintainer) - Topi Miettinen (https://github.com/topimiettinen) - Vincent43 (https://github.com/Vincent43) - chiraag-nataraj (https://github.com/chiraag-nataraj) - netblue30 (netblue30@yahoo.com) Firejail Authors (alphabetical order) 1dnrr (https://github.com/1dnrr) - add pybitmessage profile Aidan Gauland (https://github.com/aidalgol) - added electron and riot-web profiles Akhil Hans Maulloo (https://github.com/kouul) - xz profile Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) - src/lib/libnetlink.c extracted from iproute2 software package Aleksey Manevich (https://github.com/manevich) - several profile fixes - fix problem with relative path in storage_find function - fix build for systems without bash - fix double quotes/single quotes problem - big rework of argument processing subsystem - --join fixes - spliting up cmdline.c - Busybox support - X11 support rewrite - gether shell selection code in one place - fixed several TOCTOU security problems - added --fix option to firecfg utility - read_pid fix - added --x11=block options - x11 xpra, xphyr, none profile commands - added --join-or-start command - CVE-2016-7545 Alexander Gerasiov (https://github.com/gerasiov) - read-only ~/.ssh/authorized_keys - profile updates Alexander Stein (https://github.com/ajstein) - added profile for qutebrowser Andrey Alekseenko (https://github.com/al42and) - fixing lintian warnings - fixed Skype profile andrew160 (https://github.com/andrew160) - profile and man pages fixes announ (https://github.com/announ) - mpv and youtube-dl profile fixes Antonio Russo (https://github.com/aerusso) - enumerate root directories in apparmor profile - fix join-or-start Austin S. Hemmelgarn (https://github.com/Ferroin) - unbound profile update avoidr (https://github.com/avoidr) - whitelist fix - recently-used.xbel fix - added parole profile - blacklist ncat - hostname support in profile file - Google Chrome profile rework - added cmus profile - man page fixes - add net iface support in profile files - paths fix - lots of profile fixes - added mcabber profile - fixed mpv profile - various other fixes Bader Zaidan (https://github.com/BaderSZ) - Telegram profile Benjamin Kampmann (https://github.com/ligthyear) - Forward exit code from child process bitfreak25 (https://github.com/bitfreak25) - added PlayOnLinux profile - minetest profile fix - added sylpheed profile bn0785ac (https://github.com/bn0785ac) - fixed bnox, dnox profiles - support all tor-browser langpacks - chromium canary (inox-family) fixes - allow multithreading for cin and natron - fix dbus access for libreoffice on KDE - fix inox, add snox profile BogDan Vatra (https://github.com/bog-dan-ro) - zoom profile Bruno Nova (https://github.com/brunonova) - whitelist fix - bash arguments fix Bundy01 (https://github.com/Bundy01) - fixup geary - add gradio profile BytesTuner (https://github.com/BytesTuner) - provided keepassxc profile caoliver (https://github.com/caoliver) - network system fixes Cat (https://github.com/ecat3) - prevent tmux connecting to an existing session creideiki (https://github.com/creideiki) - make the sandbox process reap all children chiraag-nataraj (https://github.com/chiraag-nataraj) - support for newer Xpra versions (2.1+) - added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles - added freecad, google-earth, imagej, kdenlive, linphone, lmms profiles - added macrofusion, mpd, natron, ricochet, shotcut, tor-browser-en profiles - added tor, x-terminal-emulator, zart profiles Christian Stadelmann (https://github.com/genodeftest) - profile fixes - evolution profile fix Clayton Williams (https://github.com/gosre) - addition of RLIMIT_AS crass (https://github.com/crass) - extract_command_name fixes curiosity-seeker (https://github.com/curiosity-seeker) - tightening unbound and dnscrypt-proxy profiles - correct and tighten QuiteRss profile - dnsmasq profile - okular and gwenview profiles - cherrytree profile fixes - added quiterss profile - added guayadeque profile - added VirtualBox.profile - various other profile fixes - added digiKam profile da2x (https://github.com/da2x) - matched RPM license tag Daan Bakker (https://github.com/dbakker) - protect shell startup files Danil Semelenov (https://github.com/sgtpep) - blacklist the Electron Cash Wallet - blacklist s3cmd and s3fs configs - blacklist Ethereum, Monero wallets - blacklist Dash Core wallet Dara Adib (https://github.com/daradib) - ssh profile fix - evince profile fix Deelvesh Bunjun (https://github.com/DeelveshBunjun) - added xpdf profile dewbasaur (https://github.com/dewbasaur) - block access to history files - Firefox PDF.js exploit (CVE-2015-4495) fixes - Steam profile DiGitHubCap (https://github.com/DiGitHubCap) - deluge profile fix dshmgh (https://github.com/dshmgh) - overlayfs fix for systems with /home mounted on a separate partition Duncan Overbruck (https://github.com/Duncaen) - musl libc fix - utmp fix - fix install for --disable-seccomp software configurations emacsomancer (https://github.com/emacsomancer) - added profile for Conkeror browser eventyrer (https://github.com/eventyrer) - update gnome-mplayer.profile Fabian Würfl (https://github.com/BafDyce) - fixed race condition when creating a new directory - Liferea profile Felipe Barriga Richards (https://github.com/fbarriga) - --private-etc fix floxo (https://github.com/floxo) - fixed qml disk cache issue Franco (nextime) Lanza (https://github.com/nextime) - added --private-template/--private-home fuelflo (https://github.com/fuelflo) - added rambox profile Fred-Barclay (https://github.com/Fred-Barclay) - lots of profile fixes - added Vivaldi, Atril profiles - added PaleMoon profile - split Icedove and Thunderbird profiles - added 0ad profile - fixed version for .deb packages - added Warzone2100 profile - blacklisted VeraCrypt - added Gpredict profile - added Aweather, Stellarium profiles - fixed HexChat and Atril profiles - fixed disable-common.inc for mate-terminal - blacklisted escape-happy terminals in disable-common.inc - blacklisted g++ - added xplayer, xreader, and xviewer profiles - added Brave profile - added Gitter profile - various organising - added LibreOffice profile - added pix profile - added audacity profile - fixed Telegram and qtox profiles - added Atom Beta and Atom profiles - tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles - several private-bin conversions - added jitsi profile - pidgin private-bin conversion - added eom profile - added gnome-chess profile - added DOSBox profile - evince profile enhancement - tightened Spotify profile - added xiphos and Tor Browser Bundle profiles - added xed and pluma profiles - added Cryptocat profile - added wireshark profile - uudeview profile fix - fixed palemoon and qbittorrent profiles - compile/install scripts for --git-install/--git-uninstall commands - tighten keepassx - added Thunar profile - added mousepad, qpicview, and cvlc profiles - added BibleTime profile - added caja and galculator profiles - added Catfish profile Frederik Olesen (https://github.com/Freso) - added many vim profiles g3ngr33n (https://github.com/g3ngr33n) - fix musl compilation G4JC (https://sourceforge.net/u/gaming4jc/profile/) - ARM support - profile fixes Gaman Gabriel (https://github.com/stelariusinfinitek) - inox profile geg2048 (https://github.com/geg2048) - kwallet profile fixes glitsj16 (https://github.com/glitsj16) - evince-previewer, evince-thumbnailer profiles - gnome-recipes, gnome-logs profiles - fixed private-lib for gnome-calculator - gunzip, bunzip2 profiles - enchant, enchat-2, enchant-lsmod, enchant-lsmod-2 profiles - atool, soundconvertor, mpd, gnome-calculator, makepkg profile fixes - acat, adiff, als, apack, arepack, aunpack profiles, - fix sqlitebrowser blacklist - spelling fixes - bitblbee profile fixes - fix firefox common addons graywolf (https://github.com/graywolf) - spelling fix greigdp (https://github.com/greigdp) - Gajim IM client profile - fixed spotify profile - added Slack profile - add Spotify profile GSI (https://github.com/GSI) - added Uzbl browser profile hamzadis (https://github.com/hamzadis) - added --overlay-named=name and --overlay-path=path hawkey116477 (https://github.com/hawkeye116477) - added Waterfox profile - updated Cyberfox profile - updated Waterfox profile Helmut Grohne (https://github.com/helmutg) - compiler support in the build system - Debian bug #869707 Holger Heinz (https://github.com/hheinz) - manpage work Icaro Perseo (https://github.com/icaroperseo) - Icecat profile - several profile fixes Igor Bukanov (https://github.com/ibukanov) - found/fiixed privilege escalation in --hosts-file option iiotx (https://github.com/iiotx) - use generic.profile by default Impyy (https://github.com/Impyy) - added mumble profile intika (https://github.com/intika) - added musixmatch profile irregulator (https://github.com/irregulator) - thunderbird profile fixes for debian stretch Irvine (https://github.com/Irvinehimself) - added conky profile - added ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch) profiles Ivan Kozik (https://github.com/ivan) - speed up sandbox exit Jaykishan Mutkawoa (https://github.com/jmutkawoa) - cpio profile James Elford (https://github.com/jelford) - pass password manager support - removed shell none from ssh-agent configuration, fixing the infinit loop - added gcloud profile - blacklist sensitive cloud provider files in disable-common Jean Lucas (https://github.com/flacks) - fix Discord profile - add AnyDesk profile - add WebStorm profile - add XMind profile - add nvm to list of disabled interpreters - fixes for tor-browser-* profiles - alias for riot-desktop - add gnome-mpv profile - fix wire profile - add Beaker profile - fixes for gnome-music Jericho (https://github.com/attritionorg) - spelling Jesse Smith (https://github.com/slicer69) - added QupZilla profile jgriffiths (https://github.com/jgriffiths) - make rpm packages support Joan Figueras (https://github.com/figue) - added abrowser profile - added Google-Play-Music-Desktop-Player - added cyberfox profile John Mullee (https://github.com/jmullee) - fix empty-string assignment in whitelisting code Jonas Heinrich (https://github.com/onny) - added signal-desktop profile - fixed franz profile jrabe (https://github.com/jrabe) - disallow access to kdbx files - Epiphany profile - Polari profile - qTox profile - X11 fixes juan (https://github.com/nyancat18) - fixed Kdenlive, Shotcut profiles - new profiles for Cinelerra, Cliqz, Bluefish - profile hardening Kaan Genç (https://github.com/SeriousBug) - dynamic allocation of noblacklist buffer KellerFuchs (https://github.com/KellerFuchs) - nonewpriv support, extended profiles for this feature - make `restricted-network` prevent use of netfilter - disable-common.inc additions - make mutt and msmtp's rc files read-only - added support for .local profile files in /etc/firejail - fixed Cryptocat profile - make ~/.local read-only Kishore96in (https://github.com/Kishore96in) - added falkon profile KOLANICH (https://github.com/KOLANICH) - added symlink fixer fix_private-bin.py in contrib section Kunal Mehta (https://github.com/legoktm) - converted all links to https in manpages laniakea64 (https://github.com/laniakea64) - added fj-mkdeb.py script to build deb packages Lari Rauno (https://github.com/tuutti) - qutebrowser profile fixes Laurent Declercq (https://github.com/nuxwin) - fixed test for shell interpreter in chroots LaurentGH (https://github.com/LaurentGH) - allow private-bin parameters to be absolute paths Loïc Damien (https://github.com/dzamlo) - small fixes maces (https://github.com/maces) - Franz messenger profile Madura A (https://github.com/manushanga) - floader mahdi1234 (https://github.com/mahdi1234) - cherrytree profile - Seamonkey profiles Martin Carpenter (https://github.com/mcarpenter) - security audit and bug fixes - Centos 6.x support Martin Dosch (spam-debian@mdosch.de) - support for gnome-shell integration addon in Firefox (Bug-Debian: https://bugs.debian.org/872720) Matt Parnell (https://github.com/ilikenwf) - whitelisting for core firefox related functionality Mattias Wadman (https://github.com/wader) - seccomp errno filter support Matthew Gyurgyik (https://github.com/pyther) - rpm spec and several fixes matu3ba (https://github.com/matu3ba) - evince hardening, dbus removed maxice8 (https://github.com/maxice8) - fixed missing header Melvin Vermeeren (https://github.com/melvinvermeeren) - added teamspeak3 profile - added --noautopulse command line option Michael Haas (https://github.com/mhaas) - bugfixes Mike Frysinger (vapier@gentoo.org) - Gentoo compile patch mjudtmann (https://github.com/mjudtmann) - lock firejail configuration in disable-mgmt.inc mustaqimM (https://github.com/mustaqimM) - added profile for Nylas Mail n1trux (https://github.com/n1trux) - fix flashpeak-slimjet profile typos netblue30 (netblue30@yahoo.com) Niklas Haas (https://github.com/haasn) - blacklisting for keybase.io's client nyancat18 (https://github.com/nyancat18) - added ardour4, dooble, karbon, krita profiles Ondra Nekola (https://github.com/satai) - allow firefox theming with non-global themes Panzerfather (https://github.com/Panzerfather) - allow eog to access user's trash Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/) - user namespace implementation Paul Moore -src/fsec-print/print.c extracted from libseccomp software package Paupiah Yash (https://github.com/CaffeinatedStud) - gzip profile Peter Millerchip (https://github.com/pmillerchip) - memory allocation fix - --private.keep to --private-home transition - support for files and directories starting with ~ in blacklist option - support for files and directories with spaces in blacklist option - lots of other fixes - implement the --allow-private-blacklist option Peter Hogg (https://github.com/pigmonkey) - WeeChat profile - rtorrent profile - bitlbee profile fixes - mutt profile fixes - fixes for youtube-dl in mpv profile Petter Reinholdtsen (pere@hungry.com) - Opera profile patch PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb) - fix quiterss profile - added profile for gnome-ring pirate486743186 (https://github.com/pirate486743186) - KMail profile Pixel Fairy (https://github.com/xahare) - added fjclip.py, fjdisplay.py and fjresize.py in contrib section PizzaDude (https://github.com/pizzadude) - add mpv support to smplayer - added profile for torbrowser-launcher - added profile for sayonara and qmmp - remove tracelog from Firefox profile probonopd (https://github.com/probonopd) - automatic build on Travis CI pshpsh (https://github.com/pshpsh) - added FossaMail profile pstn (https://github.com/pstn) - added install-strip, make install without strip pszxzsd (https://github.com/pszxzsd) -uGet profile pwnage-pineapple (https://github.com/pwnage-pineapple) - update Okular profile Rafael Cavalcanti (https://github.com/rccavalcanti) - chromium profile fixes for Arch Linux Rahiel Kasim (https://github.com/rahiel) - Mathematica profile - whitelisted Dropbox profile - whitelisted keysnail config for firefox - added telegram-desktop profile Rahul Golam (https://github.com/technoLord) - strings profile Raphaël Droz (https://github.com/drzraf) - zoom profile fixes Reiner Herrmann (https://github.com/reinerh) - a number of build patches - man page fixes - Debian and Ubuntu integration - clang-analyzer fixes - Debian reproducible build - unit testing framework - moved build to .xz - detached signatures for source archive - recursive mkdir Remco Verhoef (https://github.com/nl5887) - add overlay configuration to profiles - prevent running shells recursively RD PROJEKT (https://github.com/RDProjekt) - noblacklist support for /sys/module directory - whitelist support for /sys/module directory - support AMD GPU by OpenCL in Blender rogshdo (https://github.com/rogshdo) - BitlBee profile Ruan (https://github.com/ruany) - fixed hexchat profile Salvo 'LtWorf' Tomaselli (https://github.com/ltworf) - fixed ktorrent profile sarneaud (https://github.com/sarneaud) - rewrite globbing code to fix various minor issues - added noblacklist command for profile files - various enhancements and bug fixes Sergey Alirzaev (https://github.com/l29ah) - firejail.h enum fix Simon Peter (https://github.com/probonopd) - set $APPIMAGE and $APPDIR environment variables - AppImage version detection - Leafppad type v1 and v2 appimage packages in test/appimage - GitHub/Travis CI integration sinkuu (https://github.com/sinkuu) - blacklisting kwalletd - fix symlink invocation for programs placing symlinks in $PATH smithsohu (https://github.com/smitsohu) - read-only kde4 services directory - enhanced mediathekview profile - added tuxguitar profile - removed nodvd from k3b profile - lots of profile hardening and fixes - added MuseScore profile - fixed device discovery for simple-scan - add novideo support in many profiles - improve server profiles, harden musescore - snap profile cleanup - tighten some capability sets further - enhance mutt, goobox, baloo and clementine profiles soredake (https://github.com/soredake) - fix steam startup with >=llvm-4 - fix handling of STEAM_RUNTIME_PREFER_HOST_LIBRARIES in steam profile - fix keepassxc.profile - fix qtox.profile - add ocaltime to private-etc to make qtox show correct time - fixes for the keepassxc 2.2.5 version SkewedZeppelin (https://github.com/SkewedZeppelin) - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles - added PDFSam, Pithos, and Xonotic profiles - disabled Go, Rust, and OpenSSL in disable-devel.conf - added dino profile - added Kodi profile - lots of profile tightening - added viking, youtube-dl, meld profiles - added Arduino profile - lots of profile hardening and fixing - firecfg enhancements - fixed vlc profile - fixed wget profile - fixed firecfg.config file - added novideo and disable-mnt support in all profile files - added Peek and silent profiles - added IntelliJ IDEA and Android Studio profiles - added arm profile - lots of profile improvements/tightening - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter, sqlitebrowser, and truecraft profiles - added gnome-twitch profile - Unified all 341 profiles - profile tightening with private-bin - fix notv and nodvd placement - added novideo and noexec /tmp to Tor browser profile - fixed Gnome 2048 on wayland - added Neverball profile - hardern /var - profile standard layout - Spotify and itch.io profile fixes sshirokov (https://sourceforge.net/u/yshirokov/profile/) - Patch to output "Reading profile" to stderr instead of stdout SYN-cook (https://github.com/SYN-cook) - keepass/keepassx browser fixes - disable-common.inc fixes - blacklist GNOME keyring and Konqueror - fixed Keepass(x) profiles - Engrampa profile - Scribus profile - autostart blacklist for KDE - blacklist startup scripts - various profile updates - blacklist lots of KDE files - blacklist nautilus and nemo in ~/.local/share/ - added mediathekview profile - blacklist attic and borg - cleaned up Okular and Gwenview profiles - added baloo_file profile - k3b profile update - noexec changes - gnome-calculator changes startx2017 (https://github.com/startx2017) - syscall list update - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old - enable/disable join support in /etc/firejail/firejail.config - firecfg fix: create ~/.local/share/applications directory if it doesn't exist - firejail.config cleanup - --quiet fixes - bugfixes branches maintainer - firemon --top speed-up - Blender and 2048-qt profiles - handbrake profile - mplayer and smplayer profiles - kwrite and geary profiles thewisenerd (https://github.com/thewisenerd) - allow multiple private-home commands - use $SHELL variable if the shell is not specified - appimage: pass commandline arguments Thomas Jarosch (https://github.com/thomasjfox) - disable keepassx in disable-passwdmgr.inc - added uudeview profile - added tar (gtar), unzip and unrar profile - added file profile - improved profile list - fixed small variable glitch in stat64() / lstat64() (libtracelog) - added lstat() / lstat64() support to libtrace - include mkuid.sh in make dist - cppcheck bugfixes Tom Mellor (https://github.com/kalegrill) - mupen64plus profile Tomasz Jan Góralczyk (https://github.com/tjg) - fixed Steam profile Topi Miettinen (https://github.com/topimiettinen) - improved seccomp printing - improve mount handling, fix /run/user handling - /proc/sys can be nosuid,noexec,nodev - seccomp default list update - improve loading of seccomp filter and memory-deny-write-execute feature - private-lib feature user1024 (user1024@tut.by) - electron profile whitelisting - fixed Rocket.Chat profile - nheko profile valoq (https://github.com/valoq) - lots of profile fixes - added support for /srv in --whitelist feature - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles - blacklist suid binaries in disable-common.inc - fix man pages - added keypass2, qemu profiles - added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles - added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles - added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles - added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles - added wget profile - disable gnupg and systemd directories under /run/user - added iridium browser profile Vadim A. Misbakh-Soloviov (https://github.com/msva) - profile fixes ValdikSS (https://github.com/ValdikSS) - Psi+, Corebird, Konversation profiles - various profile fixes Vasya Novikov (https://github.com/vn971) - Wesnoth profile - Hedegewars profile - manpage fixes - fixed firecfg clean/clear issue - found the ugliest bug so far - seccomp debug description in man page - seccomp syscall list update for glibc 2.26-10 Veeti Paananen (https://github.com/veeti) - fixed Spotify profile veloute (https://github.com/veloute) - added standardnotes profile - added flameshot profile - added jdownloader profile - fixed discord profile Vincent43 (https://github.com/Vincent43) - apparmor enhancements vismir2 (https://github.com/vismir2) - feh, ranger, 7z, keepass, keepassx and zathura profiles - claws-mail, mutt, git, emacs, vim profiles - lots of profile fixes - support for truecrypt and zuluCrypt viq (https://github.com/viq) - discord-canary profile Vladimir Gorelov (https://github.com/larkvirtual) - added Yandex browser profile Vladimir Schowalter (https://github.com/VladimirSchowalter20) - apparmor profile enhancements - various KDE profile enhancements read-only kde5 services directory xee5ch (https://github.com/xee5ch) - skypeforlinux profile yumkam (https://github.com/yumkam) - add compile-time option to restrict --net= to root only - man page fixes Zack Weinberg (https://github.com/zackw) - added support for joining a persistent, named network namespace - removed libconnect - fixed memory corruption in noblacklist processing - rework DISPLAY environment parsing - rework masking X11 sockets in /tmp/.X11-unix directory - rework xpra and xephyr detection - rework abstract X11 socket detection - rework X11 display number assignment - rework X11 xorg processing - rework fcopy, --follow-link support in fcopy - follow link support in --private-bin - wait_for_other function rewrite - Xvfb X11 server support - Xvfb and Xephyr profiles, modified Xpra profile - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started with firejail --x11 - support for xpra-extra-params in firejail.config Copyright (C) 2014-2017 Firejail Authors