diff options
author | netblue30 <netblue30@yahoo.com> | 2015-12-29 12:33:37 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-12-29 12:33:37 -0500 |
commit | fd7df99c2d84286c776abb9e88baaa3d606fb5ab (patch) | |
tree | 0d6818be2b11bc5f5b5c7daefeea1fe1f2782a88 /README.md | |
parent | 0.9.36 fixes (diff) | |
download | firejail-fd7df99c2d84286c776abb9e88baaa3d606fb5ab.tar.gz firejail-fd7df99c2d84286c776abb9e88baaa3d606fb5ab.tar.zst firejail-fd7df99c2d84286c776abb9e88baaa3d606fb5ab.zip |
0.9.36 released
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 76 |
1 files changed, 0 insertions, 76 deletions
@@ -32,79 +32,3 @@ Documentation: https://firejail.wordpress.com/documentation-2/ | |||
32 | 32 | ||
33 | FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | 33 | FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ |
34 | 34 | ||
35 | ## Development version 0.9.35 | ||
36 | |||
37 | ### The project has moved to a new home: https://firejail.wordpress.com/ | ||
38 | |||
39 | ### New security profiles: | ||
40 | New profiles introduced in this version: unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, | ||
41 | google-chrome-stable, google-chrome-beta, google-chrome-unstable, opera-beta | ||
42 | |||
43 | ### --noblacklist | ||
44 | ````` | ||
45 | --noblacklist=dirname_or_filename | ||
46 | Disable blacklist for this directory or file. | ||
47 | |||
48 | Example: | ||
49 | $ firejail | ||
50 | $ nc dict.org 2628 | ||
51 | bash: /bin/nc: Permission denied | ||
52 | $ exit | ||
53 | |||
54 | $ firejail --noblacklist=/bin/nc | ||
55 | $ nc dict.org 2628 | ||
56 | 220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64 | ||
57 | ````` | ||
58 | |||
59 | ### --whitelist | ||
60 | |||
61 | Whitelist command accepts files in user home, /dev, /media, /var, and /tmp directories. | ||
62 | |||
63 | ### --tracelog | ||
64 | |||
65 | Tracelog command enables auditing blacklisted files and directories. A message | ||
66 | is sent to syslog in case the file or the directory is accessed. Example: | ||
67 | ````` | ||
68 | $ firejail --tracelog firefox | ||
69 | ````` | ||
70 | Syslog example: | ||
71 | ````` | ||
72 | $ sudo tail -f /var/log/syslog | ||
73 | [...] | ||
74 | Dec 3 11:43:25 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox, | ||
75 | syscall open64, path /etc/shadow | ||
76 | Dec 3 11:46:17 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox, | ||
77 | syscall opendir, path /boot | ||
78 | [...] | ||
79 | ````` | ||
80 | Tracelog is enabled by default in several profile files. | ||
81 | |||
82 | ### --profile-path | ||
83 | For various reasons some users might want to keep the profile files in | ||
84 | a different directory. Using --profile-path command line option, | ||
85 | Firejail can be instructed to look for profiles into this directory. | ||
86 | |||
87 | This is an example of relocating the profile files into a new directory, | ||
88 | /home/netblue/myprofiles. Start by creating the new directory and | ||
89 | copy all the profile files in: | ||
90 | ````` | ||
91 | $ mkdir ~/myprofiles && cd ~/myprofiles && cp /etc/firejail/* . | ||
92 | ````` | ||
93 | Using sed utility, modify the absolute paths for include commands: | ||
94 | ````` | ||
95 | $ sed -i "s/\/etc\/firejail/\/home\/netblue\/myprofiles/g" *.profile | ||
96 | $ sed -i "s/\/etc\/firejail/\/home\/netblue\/myprofiles/g" *.inc | ||
97 | ````` | ||
98 | Start Firejail using the new path: | ||
99 | ````` | ||
100 | $ firejail --profile-path=~/myprofiles | ||
101 | ````` | ||
102 | |||
103 | ### --force | ||
104 | |||
105 | This option allows the user to start a sandbox inside an existing sandbox. It is mainly used for running | ||
106 | Firejail inside a Docker container. | ||
107 | |||
108 | ### Debian reproducible build | ||
109 | |||
110 | ### Added "name" and "hostname" command support in profile files | ||