aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar Fred-Barclay <Fred-Barclay@users.noreply.github.com>2017-07-27 07:32:12 -0500
committerLibravatar Fred-Barclay <Fred-Barclay@users.noreply.github.com>2017-07-27 07:32:12 -0500
commit4f25023d8d6582f4b28c046d6de258b58ea53671 (patch)
tree6009c26b76e01a1d3aeec6ac43fe36b112f15b95
parentMerge pull request #1407 from aidalgol/riot-profile (diff)
downloadfirejail-4f25023d8d6582f4b28c046d6de258b58ea53671.tar.gz
firejail-4f25023d8d6582f4b28c046d6de258b58ea53671.tar.zst
firejail-4f25023d8d6582f4b28c046d6de258b58ea53671.zip
Updates after merges
-rw-r--r--README4
-rw-r--r--README.md28
-rw-r--r--RELNOTES2
-rw-r--r--etc/disable-programs.inc1
4 files changed, 20 insertions, 15 deletions
diff --git a/README b/README
index 215bbdb9d..c37e89092 100644
--- a/README
+++ b/README
@@ -42,6 +42,8 @@ Committers
42 42
43Firejail Authors (alphabetical order) 43Firejail Authors (alphabetical order)
44 44
45Aidan Gauland (https://github.com/aidalgol)
46 - added electron and riot-web profiles
45Akhil Hans Maulloo (https://github.com/kouul) 47Akhil Hans Maulloo (https://github.com/kouul)
46 - xz profile 48 - xz profile
47Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) 49Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
@@ -302,6 +304,8 @@ Niklas Haas (https://github.com/haasn)
302 - blacklisting for keybase.io's client 304 - blacklisting for keybase.io's client
303Ondra Nekola (https://github.com/satai) 305Ondra Nekola (https://github.com/satai)
304 - allow firefox theming with non-global themes 306 - allow firefox theming with non-global themes
307Panzerfather (https://github.com/Panzerfather)
308 - allow eog to access user's trash
305Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) 309Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
306 - user namespace implementation 310 - user namespace implementation
307Paupiah Yash (https://github.com/CaffeinatedStud) 311Paupiah Yash (https://github.com/CaffeinatedStud)
diff --git a/README.md b/README.md
index 28e9a876c..724b2e862 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ such as Mozilla Firefox, Chromium, VLC, Transmission etc.
13 13
14The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, 14The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit,
15no socket connections open, no daemons running in the background. All security features are 15no socket connections open, no daemons running in the background. All security features are
16implemented directly in Linux kernel and available on any Linux computer. 16implemented directly in Linux kernel and available on any Linux computer.
17 17
18[![About Firejail](video.png)](http://www.youtube.com/watch?v=Yk1HVPOeoTc) 18[![About Firejail](video.png)](http://www.youtube.com/watch?v=Yk1HVPOeoTc)
19 19
@@ -54,11 +54,11 @@ $ sudo firejail /etc/init.d/nginx start
54Run "firejail --list" in a terminal to list all active sandboxes. Example: 54Run "firejail --list" in a terminal to list all active sandboxes. Example:
55````` 55`````
56$ firejail --list 56$ firejail --list
571617:netblue:/usr/bin/firejail /usr/bin/firefox-esr 571617:netblue:/usr/bin/firejail /usr/bin/firefox-esr
587719:netblue:/usr/bin/firejail /usr/bin/transmission-qt 587719:netblue:/usr/bin/firejail /usr/bin/transmission-qt
597779:netblue:/usr/bin/firejail /usr/bin/galculator 597779:netblue:/usr/bin/firejail /usr/bin/galculator
607874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 607874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4
617916:netblue:firejail --list 617916:netblue:firejail --list
62````` 62`````
63 63
64## Desktop integration 64## Desktop integration
@@ -69,13 +69,13 @@ $ firecfg --fix-sound
69$ sudo firecfg 69$ sudo firecfg
70````` 70`````
71 71
72The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. 72The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9.
73The second command integrates Firejail into your desktop. You would need to logout and login back to apply 73The second command integrates Firejail into your desktop. You would need to logout and login back to apply
74PulseAudio changes. 74PulseAudio changes.
75 75
76Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. 76Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers.
77The integration applies to any program supported by default by Firejail. There are about 250 default applications 77The integration applies to any program supported by default by Firejail. There are about 250 default applications
78in current Firejail version, and the number goes up with every new release. 78in current Firejail version, and the number goes up with every new release.
79We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. 79We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file.
80 80
81## Security profiles 81## Security profiles
@@ -116,7 +116,7 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
116 116
117## Default seccomp list update 117## Default seccomp list update
118 118
119The following syscalls have been added: 119The following syscalls have been added:
120afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, 120afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read,
121pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, 121pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write,
122security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, 122security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian,
@@ -126,5 +126,5 @@ ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted b
126 126
127## New profiles: 127## New profiles:
128 128
129curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio 129curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy,
130 130IntelliJ IDEA, Android Studio, electron, riot-web
diff --git a/RELNOTES b/RELNOTES
index 860256d2a..6c4c94c6a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,7 +6,7 @@ firejail (0.9.49) baseline; urgency=low
6 * enhancement: default seccomp list update 6 * enhancement: default seccomp list update
7 * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, 7 * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
8 * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, 8 * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
9 * new profiles: Android Studio 9 * new profiles: Android Studio, electron, riot-web
10 * bugfixes 10 * bugfixes
11 -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500 11 -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500
12 12
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 3c98b8ac3..0a4d4c4cb 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -47,6 +47,7 @@ blacklist ${HOME}/.config/Nylas Mail
47blacklist ${HOME}/.config/Qlipper 47blacklist ${HOME}/.config/Qlipper
48blacklist ${HOME}/.config/QuiteRss 48blacklist ${HOME}/.config/QuiteRss
49blacklist ${HOME}/.config/QuiteRssrc 49blacklist ${HOME}/.config/QuiteRssrc
50blacklist ${HOME}/.config/Riot
50blacklist ${HOME}/.config/Slack 51blacklist ${HOME}/.config/Slack
51blacklist ${HOME}/.config/Thunar 52blacklist ${HOME}/.config/Thunar
52blacklist ${HOME}/.config/VirtualBox 53blacklist ${HOME}/.config/VirtualBox