author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 04:26:59 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 13:52:11 -0300 |
commit | a516247a1c2715b98c8b6281cbd76d5399f51540 (patch) | |
tree | 41053cf10af48caa759768eac14ab209b6016bd0 /README.md | |
parent | docs: line-wrap some long lines (diff) | |
docs: line-wrap markdown and use double-spacing
Use two spaces to separate sentences to make the source easier to read
in monospace fonts (such as when editing or reviewing it), especially
for longer paragraphs. The HTML output should still look the same.
Misc: This also removes source-level ambiguity regarding abbreviations
(such as "Mr.") vs the end of sentences and enables moving between
sentences in vi with `(` and `)`, for example.
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 50 |
1 files changed, 27 insertions, 23 deletions
@@ -5,20 +5,24 @@ | |||
5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) | 5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) |
6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) | 6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) |
7 | 7 | ||
8 | Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting | 8 | Firejail is a SUID sandbox program that reduces the risk of security breaches |
9 | the running environment of untrusted applications using Linux namespaces, seccomp-bpf | 9 | by restricting the running environment of untrusted applications using Linux |
10 | and Linux capabilities. It allows a process and all its descendants to have their own private | 10 | namespaces, seccomp-bpf and Linux capabilities. It allows a process and all |
11 | view of the globally shared kernel resources, such as the network stack, process table, mount table. | 11 | its descendants to have their own private view of the globally shared kernel |
12 | Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. | 12 | resources, such as the network stack, process table, mount table. Firejail can |
13 | 13 | work in a SELinux or AppArmor environment, and it is integrated with Linux | |
14 | Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel | 14 | Control Groups. |
15 | version or newer. It can sandbox any type of processes: servers, graphical applications, and even | 15 | |
16 | user login sessions. The software includes sandbox profiles for a number of more common Linux programs, | 16 | Written in C with virtually no dependencies, the software runs on any Linux |
17 | computer with a 3.x kernel version or newer. It can sandbox any type of | ||
18 | processes: servers, graphical applications, and even user login sessions. The | ||
19 | software includes sandbox profiles for a number of more common Linux programs, | ||
17 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. | 20 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. |
18 | 21 | ||
19 | The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, | 22 | The sandbox is lightweight, the overhead is low. There are no complicated |
20 | no socket connections open, no daemons running in the background. All security features are | 23 | configuration files to edit, no socket connections open, no daemons running in |
21 | implemented directly in Linux kernel and available on any Linux computer. | 24 | the background. All security features are implemented directly in Linux kernel |
25 | and available on any Linux computer. | ||
22 | 26 | ||
23 | ## Videos | 27 | ## Videos |
24 | 28 | ||
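Review bot: New lines 8-25 re-wrap all three introductory paragraphs and change the sentence spacing in the same pass, so a line-level diff cannot show whether any word changed along the way. Please confirm with a word-level comparison (for example `git diff --word-diff`) that the text is identical, and consider keeping re-wrapping and double-spacing in separate commits, as the parent commit "docs: line-wrap some long lines" does for wrapping alone.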
@@ -103,7 +107,7 @@ See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: | |||
103 | > What software is supported by the Ubuntu Security team? | 107 | > What software is supported by the Ubuntu Security team? |
104 | > | 108 | > |
105 | > Ubuntu is currently divided into four components: main, restricted, universe | 109 | > Ubuntu is currently divided into four components: main, restricted, universe |
106 | > and multiverse. All binary packages in main and restricted are supported by | 110 | > and multiverse. All binary packages in main and restricted are supported by |
107 | > the Ubuntu Security team for the life of an Ubuntu release, while binary | 111 | > the Ubuntu Security team for the life of an Ubuntu release, while binary |
108 | > packages in universe and multiverse are supported by the Ubuntu community. | 112 | > packages in universe and multiverse are supported by the Ubuntu community. |
109 | 113 | ||
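Review bot: The only changed line here, 106/110, is inside the blockquote taken from the Ubuntu Security FAQ, so the spacing change edits quoted text rather than the README's own prose. Consider leaving quotations as they appear in their source and applying the double-spacing rule only to the project's own sentences, or state in the commit message that quoted passages are included on purpose.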
@@ -147,7 +151,7 @@ cd firejail | |||
147 | ./configure && make && sudo make install-strip | 151 | ./configure && make && sudo make install-strip |
148 | ``` | 152 | ``` |
149 | 153 | ||
150 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development | 154 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
151 | libraries and pkg-config are required when using the `--enable-apparmor` | 155 | libraries and pkg-config are required when using the `--enable-apparmor` |
152 | ./configure option: | 156 | ./configure option: |
153 | 157 | ||
@@ -171,7 +175,7 @@ firejail vlc # starting VideoLAN Client | |||
171 | sudo firejail /etc/init.d/nginx start | 175 | sudo firejail /etc/init.d/nginx start |
172 | ``` | 176 | ``` |
173 | 177 | ||
174 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 178 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
175 | 179 | ||
176 | ```console | 180 | ```console |
177 | $ firejail --list | 181 | $ firejail --list |
@@ -191,16 +195,16 @@ firecfg --fix-sound | |||
191 | sudo firecfg | 195 | sudo firecfg |
192 | ``` | 196 | ``` |
193 | 197 | ||
194 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 198 | The first command solves some shared memory/PID namespace bugs in PulseAudio |
195 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 199 | software prior to version 9. The second command integrates Firejail into your |
196 | PulseAudio changes. | 200 | desktop. You would need to logout and login back to apply PulseAudio changes. |
197 | 201 | ||
198 | Start your programs the way you are used to: desktop manager menus, file | 202 | Start your programs the way you are used to: desktop manager menus, file |
199 | manager, desktop launchers. | 203 | manager, desktop launchers. |
200 | 204 | ||
201 | The integration applies to any program supported by default by Firejail. | 205 | The integration applies to any program supported by default by Firejail. There |
202 | There are over 900 default applications in the current Firejail version, and | 206 | are over 900 default applications in the current Firejail version, and the |
203 | the number goes up with every new release. | 207 | number goes up with every new release. |
204 | 208 | ||
205 | We keep the application list in | 209 | We keep the application list in |
206 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) | 210 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) |
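Review bot: New line 200 carries over "You would need to logout and login back" unchanged; as verbs these should read "log out" and "log back in". Keeping this commit whitespace-only is reasonable, so the wording is better fixed in a follow-up commit, e.g. "You need to log out and log back in to apply the PulseAudio changes."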
@@ -290,8 +294,8 @@ Discussion: | |||
290 | 294 | ||
291 | ### Profile Statistics | 295 | ### Profile Statistics |
292 | 296 | ||
293 | A small tool to print profile statistics. Compile and install as usual. | 297 | A small tool to print profile statistics. Compile and install as usual. The |
294 | The tool is installed in the /usr/lib/firejail directory. | 298 | tool is installed in the /usr/lib/firejail directory. |
295 | 299 | ||
296 | Run it over the profiles in /etc/profiles: | 300 | Run it over the profiles in /etc/profiles: |
297 | 301 | ||
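Review bot: The paths on new lines 298 and 300 (/usr/lib/firejail and /etc/profiles) are left as plain text, while the hunk at line 151 writes `--enable-apparmor` in backticks. Since line 298 is touched anyway, a follow-up commit could wrap both paths in backticks so that paths and options are formatted consistently and are not re-wrapped or auto-linked by a renderer.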