author | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-07-27 07:32:12 -0500 |
---|---|---|
committer | Fred-Barclay <Fred-Barclay@users.noreply.github.com> | 2017-07-27 07:32:12 -0500 |
commit | 4f25023d8d6582f4b28c046d6de258b58ea53671 (patch) | |
tree | 6009c26b76e01a1d3aeec6ac43fe36b112f15b95 /README.md | |
parent | Merge pull request #1407 from aidalgol/riot-profile (diff) | |
Updates after merges
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 28 |
1 files changed, 14 insertions, 14 deletions
@@ -13,7 +13,7 @@ such as Mozilla Firefox, Chromium, VLC, Transmission etc. | |||
13 | 13 | ||
14 | The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, | 14 | The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, |
15 | no socket connections open, no daemons running in the background. All security features are | 15 | no socket connections open, no daemons running in the background. All security features are |
16 | implemented directly in Linux kernel and available on any Linux computer. | 16 | implemented directly in Linux kernel and available on any Linux computer. |
17 | 17 | ||
18 | [![About Firejail](video.png)](http://www.youtube.com/watch?v=Yk1HVPOeoTc) | 18 | [![About Firejail](video.png)](http://www.youtube.com/watch?v=Yk1HVPOeoTc) |
19 | 19 | ||
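Review bot: lines 13-19 read identically on both sides as rendered, so the change in this hunk appears to be whitespace only. That is unrelated to the profile-list update at the end of the patch, and the commit message "Updates after merges" does not mention it. Either split the whitespace cleanup into its own commit or name it in the message, so that the one content change is easy to find in the 14 insertions and 14 deletions.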
@@ -54,11 +54,11 @@ $ sudo firejail /etc/init.d/nginx start | |||
54 | Run "firejail --list" in a terminal to list all active sandboxes. Example: | 54 | Run "firejail --list" in a terminal to list all active sandboxes. Example: |
55 | ````` | 55 | ````` |
56 | $ firejail --list | 56 | $ firejail --list |
57 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 57 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
58 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt | 58 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt |
59 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator | 59 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator |
60 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 | 60 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 |
61 | 7916:netblue:firejail --list | 61 | 7916:netblue:firejail --list |
62 | ````` | 62 | ````` |
63 | 63 | ||
64 | ## Desktop integration | 64 | ## Desktop integration |
@@ -69,13 +69,13 @@ $ firecfg --fix-sound | |||
69 | $ sudo firecfg | 69 | $ sudo firecfg |
70 | ````` | 70 | ````` |
71 | 71 | ||
72 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 72 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. |
73 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 73 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply |
74 | PulseAudio changes. | 74 | PulseAudio changes. |
75 | 75 | ||
76 | Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. | 76 | Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. |
77 | The integration applies to any program supported by default by Firejail. There are about 250 default applications | 77 | The integration applies to any program supported by default by Firejail. There are about 250 default applications |
78 | in current Firejail version, and the number goes up with every new release. | 78 | in current Firejail version, and the number goes up with every new release. |
79 | We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. | 79 | We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. |
80 | 80 | ||
81 | ## Security profiles | 81 | ## Security profiles |
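Review bot: line 73 still reads "You would need to logout and login back to apply PulseAudio changes", and since this hunk already rewrites lines in this paragraph, it is a good place to fix it to "log out and log back in". Also check line 77: the same patch extends the new-profiles list with electron and riot-web, so confirm that "about 250 default applications" is still the right figure for this release.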
@@ -116,7 +116,7 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir | |||
116 | 116 | ||
117 | ## Default seccomp list update | 117 | ## Default seccomp list update |
118 | 118 | ||
119 | The following syscalls have been added: | 119 | The following syscalls have been added: |
120 | afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, | 120 | afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, |
121 | pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, | 121 | pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, |
122 | security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, | 122 | security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, |
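Review bot: line 119 says "The following syscalls have been added" without saying what they were added to. The next hunk's header shows the paragraph ends with a total of syscalls "blacklisted", so a reader has to reach the end of the list to learn these are blocked rather than permitted. Suggest stating it up front, for example "The following syscalls have been added to the default seccomp blacklist:".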
@@ -126,5 +126,5 @@ ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted b | |||
126 | 126 | ||
127 | ## New profiles: | 127 | ## New profiles: |
128 | 128 | ||
129 | curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio | 129 | curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, |
130 | 130 | IntelliJ IDEA, Android Studio, electron, riot-web | |
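Review bot: lines 129-130 are the only visible content change in the patch (the list is wrapped, and electron and riot-web are appended), but the commit message "Updates after merges" names neither profile. The parent merge, riot-profile (#1407), accounts for riot-web. Nothing shown here identifies the merge that brought in electron, so please reference it in the message. The new line 130 also replaces what was a blank last line of the hunk, so check that the section still ends with a blank line before whatever follows in README.md.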