diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 04:26:59 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 13:52:11 -0300 |
commit | a516247a1c2715b98c8b6281cbd76d5399f51540 (patch) | |
tree | 41053cf10af48caa759768eac14ab209b6016bd0 | |
parent | docs: line-wrap some long lines (diff) | |
download | firejail-a516247a1c2715b98c8b6281cbd76d5399f51540.tar.gz firejail-a516247a1c2715b98c8b6281cbd76d5399f51540.tar.zst firejail-a516247a1c2715b98c8b6281cbd76d5399f51540.zip |
docs: line-wrap markdown and use double-spacing
Use two spaces to separate sentences to make the source easier to read
in monospace fonts (such as when editing or reviewing it), especially
for longer paragraphs. The HTML output should still look the same.
Misc: This also removes source-level ambiguity regarding abbreviations
(such as "Mr.") vs the end of sentences and enables moving between
sentences in vi with `(` and `)`, for example.
-rw-r--r-- | .github/pull_request_template.md | 2 | ||||
-rw-r--r-- | CONTRIBUTING.md | 15 | ||||
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 50 |
4 files changed, 38 insertions, 33 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ecc5be304..4a7998e87 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md | |||
@@ -7,7 +7,7 @@ following: | |||
7 | - The ordering of options follow the rules described in | 7 | - The ordering of options follow the rules described in |
8 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) | 8 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) |
9 | (/usr/share/doc/firejail/profile.template when installed). | 9 | (/usr/share/doc/firejail/profile.template when installed). |
10 | - Order the arguments of options alphabetically. You can easily do this with | 10 | - Order the arguments of options alphabetically. You can easily do this with |
11 | [sort.py](../blob/master/contrib/sort.py). | 11 | [sort.py](../blob/master/contrib/sort.py). |
12 | 12 | ||
13 | The path to it depends on your distro: | 13 | The path to it depends on your distro: |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ebc4d3a20..1ae293264 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -15,17 +15,18 @@ a comment in our dedicated issue: | |||
15 | When submitting a bug report, please provide the following information so that | 15 | When submitting a bug report, please provide the following information so that |
16 | we can handle the report more easily: | 16 | we can handle the report more easily: |
17 | 17 | ||
18 | - firejail version. If you're not sure, open a terminal and type `firejail --version`. | 18 | - firejail version. If you're not sure, open a terminal and type `firejail |
19 | --version`. | ||
19 | - Linux distribution (so that we can try to reproduce it, if necessary). | 20 | - Linux distribution (so that we can try to reproduce it, if necessary). |
20 | - If you know that the problem did not exist in an earlier version of firejail, please mention it. | 21 | - If you know that the problem did not exist in an earlier version of firejail, |
21 | - If you are reporting that a program does not work with firejail, please also run firejail with | 22 | please mention it. |
22 | the `--noprofile` argument. | 23 | - If you are reporting that a program does not work with firejail, please also |
23 | For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and | 24 | run firejail with the `--noprofile` argument. For example, if `firejail |
25 | firefox` does not work, please also run `firejail --noprofile firefox` and | ||
24 | let us know if it runs correctly or not. | 26 | let us know if it runs correctly or not. |
25 | - You may also try disabling various options provided in | 27 | - You may also try disabling various options provided in |
26 | `/etc/firejail/<ProgramName.profile>` until you find out which one causes | 28 | `/etc/firejail/<ProgramName.profile>` until you find out which one causes |
27 | problems. | 29 | problems. It will significantly help in finding a solution for your issue. |
28 | It will significantly help in finding a solution for your issue. | ||
29 | 30 | ||
30 | Please note: If you are running Debian, Ubuntu, Linux Mint, or another related | 31 | Please note: If you are running Debian, Ubuntu, Linux Mint, or another related |
31 | distribution and you installed firejail from your distro's repositories, please | 32 | distribution and you installed firejail from your distro's repositories, please |
@@ -8,7 +8,7 @@ Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, | |||
8 | FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. | 8 | FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. |
9 | 9 | ||
10 | Firejail also expands the restricted shell facility found in bash by adding | 10 | Firejail also expands the restricted shell facility found in bash by adding |
11 | Linux namespace support. It supports sandboxing specific users upon login. | 11 | Linux namespace support. It supports sandboxing specific users upon login. |
12 | 12 | ||
13 | Download: https://sourceforge.net/projects/firejail/files/ | 13 | Download: https://sourceforge.net/projects/firejail/files/ |
14 | Build and install: ./configure && make && sudo make install | 14 | Build and install: ./configure && make && sudo make install |
@@ -28,7 +28,7 @@ Compile and install the mainline version from GitHub: | |||
28 | cd firejail | 28 | cd firejail |
29 | ./configure && make && sudo make install-strip | 29 | ./configure && make && sudo make install-strip |
30 | 30 | ||
31 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development | 31 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
32 | libraries and pkg-config are required when using the --enable-apparmor | 32 | libraries and pkg-config are required when using the --enable-apparmor |
33 | ./configure option: | 33 | ./configure option: |
34 | 34 | ||
@@ -5,20 +5,24 @@ | |||
5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) | 5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) |
6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) | 6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) |
7 | 7 | ||
8 | Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting | 8 | Firejail is a SUID sandbox program that reduces the risk of security breaches |
9 | the running environment of untrusted applications using Linux namespaces, seccomp-bpf | 9 | by restricting the running environment of untrusted applications using Linux |
10 | and Linux capabilities. It allows a process and all its descendants to have their own private | 10 | namespaces, seccomp-bpf and Linux capabilities. It allows a process and all |
11 | view of the globally shared kernel resources, such as the network stack, process table, mount table. | 11 | its descendants to have their own private view of the globally shared kernel |
12 | Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. | 12 | resources, such as the network stack, process table, mount table. Firejail can |
13 | 13 | work in a SELinux or AppArmor environment, and it is integrated with Linux | |
14 | Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel | 14 | Control Groups. |
15 | version or newer. It can sandbox any type of processes: servers, graphical applications, and even | 15 | |
16 | user login sessions. The software includes sandbox profiles for a number of more common Linux programs, | 16 | Written in C with virtually no dependencies, the software runs on any Linux |
17 | computer with a 3.x kernel version or newer. It can sandbox any type of | ||
18 | processes: servers, graphical applications, and even user login sessions. The | ||
19 | software includes sandbox profiles for a number of more common Linux programs, | ||
17 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. | 20 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. |
18 | 21 | ||
19 | The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, | 22 | The sandbox is lightweight, the overhead is low. There are no complicated |
20 | no socket connections open, no daemons running in the background. All security features are | 23 | configuration files to edit, no socket connections open, no daemons running in |
21 | implemented directly in Linux kernel and available on any Linux computer. | 24 | the background. All security features are implemented directly in Linux kernel |
25 | and available on any Linux computer. | ||
22 | 26 | ||
23 | ## Videos | 27 | ## Videos |
24 | 28 | ||
@@ -103,7 +107,7 @@ See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: | |||
103 | > What software is supported by the Ubuntu Security team? | 107 | > What software is supported by the Ubuntu Security team? |
104 | > | 108 | > |
105 | > Ubuntu is currently divided into four components: main, restricted, universe | 109 | > Ubuntu is currently divided into four components: main, restricted, universe |
106 | > and multiverse. All binary packages in main and restricted are supported by | 110 | > and multiverse. All binary packages in main and restricted are supported by |
107 | > the Ubuntu Security team for the life of an Ubuntu release, while binary | 111 | > the Ubuntu Security team for the life of an Ubuntu release, while binary |
108 | > packages in universe and multiverse are supported by the Ubuntu community. | 112 | > packages in universe and multiverse are supported by the Ubuntu community. |
109 | 113 | ||
@@ -147,7 +151,7 @@ cd firejail | |||
147 | ./configure && make && sudo make install-strip | 151 | ./configure && make && sudo make install-strip |
148 | ``` | 152 | ``` |
149 | 153 | ||
150 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development | 154 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
151 | libraries and pkg-config are required when using the `--enable-apparmor` | 155 | libraries and pkg-config are required when using the `--enable-apparmor` |
152 | ./configure option: | 156 | ./configure option: |
153 | 157 | ||
@@ -171,7 +175,7 @@ firejail vlc # starting VideoLAN Client | |||
171 | sudo firejail /etc/init.d/nginx start | 175 | sudo firejail /etc/init.d/nginx start |
172 | ``` | 176 | ``` |
173 | 177 | ||
174 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 178 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
175 | 179 | ||
176 | ```console | 180 | ```console |
177 | $ firejail --list | 181 | $ firejail --list |
@@ -191,16 +195,16 @@ firecfg --fix-sound | |||
191 | sudo firecfg | 195 | sudo firecfg |
192 | ``` | 196 | ``` |
193 | 197 | ||
194 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 198 | The first command solves some shared memory/PID namespace bugs in PulseAudio |
195 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 199 | software prior to version 9. The second command integrates Firejail into your |
196 | PulseAudio changes. | 200 | desktop. You would need to logout and login back to apply PulseAudio changes. |
197 | 201 | ||
198 | Start your programs the way you are used to: desktop manager menus, file | 202 | Start your programs the way you are used to: desktop manager menus, file |
199 | manager, desktop launchers. | 203 | manager, desktop launchers. |
200 | 204 | ||
201 | The integration applies to any program supported by default by Firejail. | 205 | The integration applies to any program supported by default by Firejail. There |
202 | There are over 900 default applications in the current Firejail version, and | 206 | are over 900 default applications in the current Firejail version, and the |
203 | the number goes up with every new release. | 207 | number goes up with every new release. |
204 | 208 | ||
205 | We keep the application list in | 209 | We keep the application list in |
206 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) | 210 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) |
@@ -290,8 +294,8 @@ Discussion: | |||
290 | 294 | ||
291 | ### Profile Statistics | 295 | ### Profile Statistics |
292 | 296 | ||
293 | A small tool to print profile statistics. Compile and install as usual. | 297 | A small tool to print profile statistics. Compile and install as usual. The |
294 | The tool is installed in the /usr/lib/firejail directory. | 298 | tool is installed in the /usr/lib/firejail directory. |
295 | 299 | ||
296 | Run it over the profiles in /etc/profiles: | 300 | Run it over the profiles in /etc/profiles: |
297 | 301 | ||