diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-23 17:48:00 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 13:51:25 -0300 |
commit | 331158da03624e96000e02610f9bae358a34b810 (patch) | |
tree | 64acf878e06daec2ad29c0e64361a04844bee737 | |
parent | docs: fix misc texts/formatting (diff) | |
download | firejail-331158da03624e96000e02610f9bae358a34b810.tar.gz firejail-331158da03624e96000e02610f9bae358a34b810.tar.zst firejail-331158da03624e96000e02610f9bae358a34b810.zip |
docs: line-wrap some long lines
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 9 | ||||
-rw-r--r-- | .github/pull_request_template.md | 6 | ||||
-rw-r--r-- | CONTRIBUTING.md | 7 | ||||
-rw-r--r-- | README | 27 | ||||
-rw-r--r-- | README.md | 25 |
5 files changed, 48 insertions, 26 deletions
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 53066013d..fc74640d4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md | |||
@@ -22,7 +22,8 @@ _Describe the bug_ | |||
22 | 22 | ||
23 | _Steps to reproduce the behavior_ | 23 | _Steps to reproduce the behavior_ |
24 | 24 | ||
25 | 1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody) | 25 | 1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent |
26 | output in English that can be understood by everybody) | ||
26 | 2. Click on '....' | 27 | 2. Click on '....' |
27 | 3. Scroll down to '....' | 28 | 3. Scroll down to '....' |
28 | 4. See error `ERROR` | 29 | 4. See error `ERROR` |
@@ -37,7 +38,8 @@ _What actually happened_ | |||
37 | 38 | ||
38 | ### Behavior without a profile | 39 | ### Behavior without a profile |
39 | 40 | ||
40 | _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ | 41 | _What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a |
42 | terminal?_ | ||
41 | 43 | ||
42 | ### Additional context | 44 | ### Additional context |
43 | 45 | ||
@@ -47,7 +49,8 @@ _Any other detail that may help to understand/debug the problem_ | |||
47 | 49 | ||
48 | - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") | 50 | - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") |
49 | - Firejail version (`firejail --version`). | 51 | - Firejail version (`firejail --version`). |
50 | - If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`). | 52 | - If you use a development version of firejail, also the commit from which it |
53 | was compiled (`git rev-parse HEAD`). | ||
51 | 54 | ||
52 | ### Checklist | 55 | ### Checklist |
53 | 56 | ||
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index faa2a4108..ecc5be304 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md | |||
@@ -1,6 +1,8 @@ | |||
1 | If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR. | 1 | If your PR isn't about profiles or you have no idea how to do one of these, |
2 | skip the following and go ahead with this PR. | ||
2 | 3 | ||
3 | If you submit a PR for new profiles or changing profiles, please do the following: | 4 | If you submit a PR for new profiles or changing profiles, please do the |
5 | following: | ||
4 | 6 | ||
5 | - The ordering of options follow the rules described in | 7 | - The ordering of options follow the rules described in |
6 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) | 8 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a9cdfbc0f..ebc4d3a20 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -4,8 +4,8 @@ Welcome to firejail, and thank you for your interest in contributing! | |||
4 | 4 | ||
5 | ## Opening an issue | 5 | ## Opening an issue |
6 | 6 | ||
7 | We welcome issues, whether to ask a question, provide information, request a new profile or | 7 | We welcome issues, whether to ask a question, provide information, request a |
8 | feature, or to report a suspected bug or problem. | 8 | new profile or feature, or to report a suspected bug or problem. |
9 | 9 | ||
10 | If you want to request a program profile that we don't already have, please add | 10 | If you want to request a program profile that we don't already have, please add |
11 | a comment in our dedicated issue: | 11 | a comment in our dedicated issue: |
@@ -62,4 +62,5 @@ If you add a new command, here's the checklist: | |||
62 | 62 | ||
63 | ## Editing the wiki | 63 | ## Editing the wiki |
64 | 64 | ||
65 | You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki). | 65 | You are highly encouraged to add your own tips and tricks to the |
66 | [wiki](https://github.com/netblue30/firejail/wiki). | ||
@@ -59,7 +59,8 @@ Committers: | |||
59 | - rusty-snake (https://github.com/rusty-snake) | 59 | - rusty-snake (https://github.com/rusty-snake) |
60 | - smitsohu (https://github.com/smitsohu) | 60 | - smitsohu (https://github.com/smitsohu) |
61 | - SkewedZeppelin (https://github.com/SkewedZeppelin) | 61 | - SkewedZeppelin (https://github.com/SkewedZeppelin) |
62 | - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer) | 62 | - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches |
63 | maintainer) | ||
63 | - Topi Miettinen (https://github.com/topimiettinen) | 64 | - Topi Miettinen (https://github.com/topimiettinen) |
64 | - veloute (https://github.com/veloute) | 65 | - veloute (https://github.com/veloute) |
65 | - Vincent43 (https://github.com/Vincent43) | 66 | - Vincent43 (https://github.com/Vincent43) |
@@ -317,7 +318,8 @@ curiosityseeker (https://github.com/curiosityseeker - new) | |||
317 | - updated keypassxc profile | 318 | - updated keypassxc profile |
318 | - added syscalls.sh, which determine the necessary syscalls for a program | 319 | - added syscalls.sh, which determine the necessary syscalls for a program |
319 | - fixed conky profile | 320 | - fixed conky profile |
320 | - thunderbird.profile: harden and enable the rules necessary to make Firefox open links | 321 | - thunderbird.profile: harden and enable the rules necessary to make |
322 | Firefox open links | ||
321 | da2x (https://github.com/da2x) | 323 | da2x (https://github.com/da2x) |
322 | - matched RPM license tag | 324 | - matched RPM license tag |
323 | Daan Bakker (https://github.com/dbakker) | 325 | Daan Bakker (https://github.com/dbakker) |
@@ -362,7 +364,8 @@ Disconnect3d (https://github.com/disconnect3d) | |||
362 | dm9pZCAq (https://github.com/dm9pZCAq) | 364 | dm9pZCAq (https://github.com/dm9pZCAq) |
363 | - fix for compilation under musl | 365 | - fix for compilation under musl |
364 | dmfreemon (https://github.com/dmfreemon) | 366 | dmfreemon (https://github.com/dmfreemon) |
365 | - add sandbox name or name of private directory to the window title when xpra is used | 367 | - add sandbox name or name of private directory to the window title |
368 | when xpra is used | ||
366 | - handle malloc() failures; use gnu_basename() instead of basenaem() | 369 | - handle malloc() failures; use gnu_basename() instead of basenaem() |
367 | Dmitriy Chestnykh (https://github.com/chestnykh) | 370 | Dmitriy Chestnykh (https://github.com/chestnykh) |
368 | - add ability to disable user profiles at compile time | 371 | - add ability to disable user profiles at compile time |
@@ -1034,7 +1037,8 @@ soredake (https://github.com/soredake) | |||
1034 | - add localtime to private-etc to make qtox show correct time | 1037 | - add localtime to private-etc to make qtox show correct time |
1035 | - fixes for the keepassxc 2.2.5 version | 1038 | - fixes for the keepassxc 2.2.5 version |
1036 | SkewedZeppelin (https://github.com/SkewedZeppelin) | 1039 | SkewedZeppelin (https://github.com/SkewedZeppelin) |
1037 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles | 1040 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, |
1041 | Lollypop, MultiMC5 profiles | ||
1038 | - added PDFSam, Pithos, and Xonotic profiles | 1042 | - added PDFSam, Pithos, and Xonotic profiles |
1039 | - disabled Go, Rust, and OpenSSL in disable-devel.conf | 1043 | - disabled Go, Rust, and OpenSSL in disable-devel.conf |
1040 | - added dino profile | 1044 | - added dino profile |
@@ -1052,7 +1056,8 @@ SkewedZeppelin (https://github.com/SkewedZeppelin) | |||
1052 | - added IntelliJ IDEA and Android Studio profiles | 1056 | - added IntelliJ IDEA and Android Studio profiles |
1053 | - added arm profile | 1057 | - added arm profile |
1054 | - lots of profile improvements/tightening | 1058 | - lots of profile improvements/tightening |
1055 | - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, | 1059 | - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, |
1060 | sdat2img, | ||
1056 | soundconverter, sqlitebrowser, and truecraft profiles | 1061 | soundconverter, sqlitebrowser, and truecraft profiles |
1057 | - added gnome-twitch profile | 1062 | - added gnome-twitch profile |
1058 | - Unified all 341 profiles | 1063 | - Unified all 341 profiles |
@@ -1089,10 +1094,12 @@ SYN-cook (https://github.com/SYN-cook) | |||
1089 | - gnome-calculator changes | 1094 | - gnome-calculator changes |
1090 | startx2017 (https://github.com/startx2017) | 1095 | startx2017 (https://github.com/startx2017) |
1091 | - syscall list update | 1096 | - syscall list update |
1092 | - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, | 1097 | - updated default seccomp filters - added bpf, clock_settime, |
1093 | settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old | 1098 | personality, process_vm_writev, query_module, settimeofday, stime, |
1099 | umount, userfaultfd, ustat, vm86, and vm86old | ||
1094 | - enable/disable join support in /etc/firejail/firejail.config | 1100 | - enable/disable join support in /etc/firejail/firejail.config |
1095 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist | 1101 | - firecfg fix: create ~/.local/share/applications directory if it |
1102 | doesn't exist | ||
1096 | - firejail.config cleanup | 1103 | - firejail.config cleanup |
1097 | - --quiet fixes | 1104 | - --quiet fixes |
1098 | - bugfixes branches maintainer | 1105 | - bugfixes branches maintainer |
@@ -1254,8 +1261,8 @@ Zack Weinberg (https://github.com/zackw) | |||
1254 | - wait_for_other function rewrite | 1261 | - wait_for_other function rewrite |
1255 | - Xvfb X11 server support | 1262 | - Xvfb X11 server support |
1256 | - Xvfb and Xephyr profiles, modified Xpra profile | 1263 | - Xvfb and Xephyr profiles, modified Xpra profile |
1257 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started | 1264 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes |
1258 | with firejail --x11 | 1265 | when started with firejail --x11 |
1259 | - support for xpra-extra-params in firejail.config | 1266 | - support for xpra-extra-params in firejail.config |
1260 | zupatisc (https://github.com/zupatisc) | 1267 | zupatisc (https://github.com/zupatisc) |
1261 | - patch-util fix | 1268 | - patch-util fix |
@@ -74,11 +74,14 @@ See [SECURITY.md](SECURITY.md). | |||
74 | 74 | ||
75 | ### Debian | 75 | ### Debian |
76 | 76 | ||
77 | Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package. | 77 | Debian stable (bullseye): We recommend to use the |
78 | [backports](https://packages.debian.org/bullseye-backports/firejail) package. | ||
78 | 79 | ||
79 | ### Ubuntu | 80 | ### Ubuntu |
80 | 81 | ||
81 | For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly advised** to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). | 82 | For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly |
83 | advised** to use the | ||
84 | [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). | ||
82 | 85 | ||
83 | How to add and install from the PPA: | 86 | How to add and install from the PPA: |
84 | 87 | ||
@@ -88,10 +91,12 @@ sudo apt-get update | |||
88 | sudo apt-get install firejail firejail-profiles | 91 | sudo apt-get install firejail firejail-profiles |
89 | ``` | 92 | ``` |
90 | 93 | ||
91 | Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad: | 94 | Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to |
95 | CVE-2021-26910 for months after a patch for it was posted on Launchpad: | ||
92 | 96 | ||
93 | * [CVE-2021-26910](https://github.com/advisories/GHSA-2q4h-h5jp-942w) | 97 | * [CVE-2021-26910](https://github.com/advisories/GHSA-2q4h-h5jp-942w) |
94 | * [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767) | 98 | * [firejail version in Ubuntu 20.04 LTS is vulnerable to |
99 | CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767) | ||
95 | 100 | ||
96 | See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: | 101 | See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: |
97 | 102 | ||
@@ -102,12 +107,15 @@ See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: | |||
102 | > the Ubuntu Security team for the life of an Ubuntu release, while binary | 107 | > the Ubuntu Security team for the life of an Ubuntu release, while binary |
103 | > packages in universe and multiverse are supported by the Ubuntu community. | 108 | > packages in universe and multiverse are supported by the Ubuntu community. |
104 | 109 | ||
105 | Additionally, the PPA version is likely to be more recent and to contain more profile fixes. | 110 | Additionally, the PPA version is likely to be more recent and to contain more |
111 | profile fixes. | ||
106 | 112 | ||
107 | See the following discussions for details: | 113 | See the following discussions for details: |
108 | 114 | ||
109 | * [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666) | 115 | * [Should I keep using the version of firejail available in my distro |
110 | * [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663) | 116 | repos?](https://github.com/netblue30/firejail/discussions/4666) |
117 | * [How to install the latest version on Ubuntu and | ||
118 | derivatives](https://github.com/netblue30/firejail/discussions/4663) | ||
111 | 119 | ||
112 | ### Other | 120 | ### Other |
113 | 121 | ||
@@ -149,7 +157,8 @@ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | |||
149 | 157 | ||
150 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). | 158 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). |
151 | 159 | ||
152 | Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). | 160 | Detailed information on using firejail from git is available on the |
161 | [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). | ||
153 | 162 | ||
154 | ## Running the sandbox | 163 | ## Running the sandbox |
155 | 164 | ||