author | netblue30 <netblue30@yahoo.com> | 2017-08-17 11:31:21 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-08-17 11:31:21 -0400 |
commit | 89e3454eb3f0ca22d423bc3aaba5472d3c249115 (patch) | |
tree | 1928af809086e3fc30e177ac07eddc7483699769 /README.md | |
parent | memory-deny-write-execute (diff) | |
download | firejail-89e3454eb3f0ca22d423bc3aaba5472d3c249115.tar.gz firejail-89e3454eb3f0ca22d423bc3aaba5472d3c249115.tar.zst firejail-89e3454eb3f0ca22d423bc3aaba5472d3c249115.zip |
private-lib
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 28 |
1 files changed, 28 insertions, 0 deletions
@@ -139,6 +139,34 @@ Check the status of the latest build here: https://travis-ci.org/netblue30/firej | |||
139 | mappings that are both writable and executable, to change map‐ | 139 | mappings that are both writable and executable, to change map‐ |
140 | pings to be executable or to create executable shared memory. | 140 | pings to be executable or to create executable shared memory. |
141 | 141 | ||
142 | --private-lib=file,directory | ||
143 | This feature is currently under heavy development. Only amd64 | ||
144 | platforms are supported at this moment. The idea is to build a | ||
145 | new /lib in a temporary filesystem, with only the library files | ||
146 | necessary to run the application. It could be as simple as: | ||
147 | |||
148 | $ firejail --private-lib galculator | ||
149 | |||
150 | but it gets complicated really fast: | ||
151 | |||
152 | $ firejail --private-lib=x86_64-linux-gnu/xed,x86_64-linux- | ||
153 | gnu/gdk-pixbuf-2.0,libenchant.so.1,librsvg-2.so.2 xed | ||
154 | |||
155 | The feature is integrated with --private-bin: | ||
156 | |||
157 | $ firejail --private-lib --private-bin=bash,ls,ps | ||
158 | $ ls /lib | ||
159 | ld-linux-x86-64.so.2 libgpg-error.so.0 libprocps.so.6 libsys‐ | ||
160 | temd.so.0 | ||
161 | libc.so.6 liblz4.so.1 libpthread.so.0 libtinfo.so.5 | ||
162 | libdl.so.2 liblzma.so.5 librt.so.1 x86_64-linux-gnu | ||
163 | libgcrypt.so.20 libpcre.so.3 libselinux.so.1 | ||
164 | $ ps | ||
165 | PID TTY TIME CMD | ||
166 | 1 pts/0 00:00:00 firejail | ||
167 | 45 pts/0 00:00:00 bash | ||
168 | 48 pts/0 00:00:00 ps | ||
169 | $ | ||
142 | 170 | ||
143 | ````` | 171 | ````` |
144 | 172 | ||
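Review bot: The synopsis on new line 142 documents only `--private-lib=file,directory`, but the examples on lines 148 and 157 pass the option with no list at all, and the text never says what ends up in the new /lib in that case. Please state that the list is optional, how the default set of libraries is chosen (the `ls /lib` output on lines 159-163 suggests it is derived from the program and the `--private-bin` entries), and whether entries such as `x86_64-linux-gnu/xed` are resolved relative to /lib. The wrapped command on lines 152-153 also breaks in the middle of a path (`x86_64-linux-` / `gnu/gdk-pixbuf-2.0`), so it cannot be copied as shown; break the line after a comma instead. Since the paragraph says only amd64 is supported, a sentence on what the option does on other platforms would help too.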