How do I `sandbox` an AppImage with SELinux on Silverblue? Command not found

Silverblue 41. Never used any Fedora flavor besides Silverblue. Beginner to intermediate experience with Linux in general. No idea how SELinux works (I have an amateurish knowledge of Firejail though) but I want to start using it.

I want to sandbox an AppImage using SELinux but I cannot seem to find the sandbox command. I searched to web and it looked like it was installed in Fedora by default but running the command throws:

bash: sandbox: command not found

Is there any way to install it (preferably without overlaying packages using rpm-ostree)?

Thank you!

Perhaps you are looking for selinux-policy-sandbox.noarch. How or if it works, I have no idea.

2 Likes

Added silverblue

You need policycoreutils-sandbox and selinux-policy-sandbox.

2 Likes

Added appimage, security

Hey there, welcome to Fedora!

There is a sandboxing method called “aisap” and it is neatly integrated in “AM”, an appimage and binary package manager.

It uses bubblewrap, which is also used for Flatpaks.

If your app doesnt work with that, you would want to look for alternative methods.

1 Like

@dev_null @vekruse So in other words: it is not installed by default and I need to install it overlay it with rpm-ostree install?

Thank you, I will look into it :slight_smile:

As I am not getting any replies anymore I have marked the most detailed answer as the solution even tough I would have liked a more detailed explanation.