diff options
author | vis <vis@mailbox.org> | 2016-11-03 15:06:57 +0100 |
---|---|---|
committer | vis <vis@mailbox.org> | 2016-11-03 15:06:57 +0100 |
commit | 2aafd9bd3a96b578bf423eb8faba0efe965c52d5 (patch) | |
tree | 6ab4d26a6daad1e3972a86dbdcbe67030d710883 /README.md | |
parent | Improvements for Zathura profile (diff) | |
parent | removed warning if --quiet is enabled (diff) | |
download | firejail-2aafd9bd3a96b578bf423eb8faba0efe965c52d5.tar.gz firejail-2aafd9bd3a96b578bf423eb8faba0efe965c52d5.tar.zst firejail-2aafd9bd3a96b578bf423eb8faba0efe965c52d5.zip |
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 70 |
1 files changed, 6 insertions, 64 deletions
@@ -40,75 +40,17 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | |||
40 | If you keep your Firejail profiles in a public repository, please give us a link: | 40 | If you keep your Firejail profiles in a public repository, please give us a link: |
41 | 41 | ||
42 | * https://github.com/chiraag-nataraj/firejail-profiles | 42 | * https://github.com/chiraag-nataraj/firejail-profiles |
43 | ````` | ||
44 | 43 | ||
45 | ````` | 44 | * https://github.com/triceratops1/fe |
46 | # Current development version: 0.9.43 | ||
47 | 45 | ||
48 | ## X11 development | 46 | Use this issue to request new profiles: https://github.com/netblue30/firejail/issues/825 |
49 | ````` | ||
50 | --x11=none | ||
51 | Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and the | ||
52 | file specified in ${XAUTHORITY} environment variable. Remove | ||
53 | DISPLAY and XAUTHORITY environment variables. Stop with error | ||
54 | message if X11 abstract socket will be accessible in jail. | ||
55 | |||
56 | --x11=xorg | ||
57 | Sandbox the application using the untrusted mode implemented by | ||
58 | X11 security extension. The extension is available in Xorg | ||
59 | package and it is installed by default on most Linux distribu‐ | ||
60 | tions. It provides support for a simple trusted/untrusted con‐ | ||
61 | nection model. Untrusted clients are restricted in certain ways | ||
62 | to prevent them from reading window contents of other clients, | ||
63 | stealing input events, etc. | ||
64 | |||
65 | The untrusted mode has several limitations. A lot of regular | ||
66 | programs assume they are a trusted X11 clients and will crash | ||
67 | or lock up when run in untrusted mode. Chromium browser and | ||
68 | xterm are two examples. Firefox and transmission-gtk seem to be | ||
69 | working fine. A network namespace is not required for this | ||
70 | option. | ||
71 | |||
72 | Example: | ||
73 | $ firejail --x11=xorg firefox | ||
74 | ````` | 47 | ````` |
75 | 48 | ||
76 | ## Other command line options | ||
77 | ````` | 49 | ````` |
78 | --put=name|pid src-filename dest-filename | 50 | # Current development version: 0.9.45 |
79 | Put src-filename in sandbox container. The container is specified by name or PID. | ||
80 | |||
81 | --allusers | ||
82 | All user home directories are visible inside the sandbox. By default, only current user home | ||
83 | directory is visible. | ||
84 | |||
85 | Example: | ||
86 | $ firejail --allusers | ||
87 | |||
88 | --join-or-start=name | ||
89 | Join the sandbox identified by name or start a new one. Same as "firejail --join=name" if | ||
90 | sandbox with specified name exists, otherwise same as "firejail --name=name ..." | ||
91 | Note that in contrary to other join options there is respective profile option. | ||
92 | |||
93 | --no3d Disable 3D hardware acceleration. | ||
94 | |||
95 | Example: | ||
96 | $ firejail --no3d firefox | ||
97 | |||
98 | --veth-name=name | ||
99 | Use this name for the interface connected to the bridge for | ||
100 | --net=bridge_interface commands, instead of the default one. | ||
101 | |||
102 | Example: | ||
103 | $ firejail --net=br0 --veth-name=if0 | ||
104 | |||
105 | ````` | 51 | ````` |
106 | 52 | ||
107 | ## New profile commands | 53 | ````` |
108 | 54 | ## New Profiles | |
109 | x11 xpra, x11 xephyr, x11 none, x11 xorg, allusers, join-or-start | 55 | xiphos, Tor Browser Bundle, display (imagemagik), Wire, mumble |
110 | |||
111 | ## New profiles | ||
112 | |||
113 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx | ||
114 | 56 | ||