diff options
author | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-23 03:54:01 -0300 |
---|---|---|
committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2023-03-26 12:46:20 -0300 |
commit | f72d738e619601f6161e102bc95339d2eb679ea2 (patch) | |
tree | ae125d66ffd44e38995311371d42af0b3805fce9 /README.md | |
parent | docs: deduplicate info from SECURITY.md (diff) | |
download | firejail-f72d738e619601f6161e102bc95339d2eb679ea2.tar.gz firejail-f72d738e619601f6161e102bc95339d2eb679ea2.tar.zst firejail-f72d738e619601f6161e102bc95339d2eb679ea2.zip |
docs: improve code blocks
Changes:
* Use the usual 3 instead of 5 backticks for code fences
* To improve syntax highlighting, remove the leading dollar signs for
command lines without output and set the language used
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 50 |
1 files changed, 25 insertions, 25 deletions
@@ -110,19 +110,19 @@ Firejail is included in a large number of Linux distributions. | |||
110 | 110 | ||
111 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail's source code from our Git repository and compile manually: | 111 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail's source code from our Git repository and compile manually: |
112 | 112 | ||
113 | ````` | 113 | ```sh |
114 | $ git clone https://github.com/netblue30/firejail.git | 114 | git clone https://github.com/netblue30/firejail.git |
115 | $ cd firejail | 115 | cd firejail |
116 | $ ./configure && make && sudo make install-strip | 116 | ./configure && make && sudo make install-strip |
117 | ````` | 117 | ``` |
118 | 118 | ||
119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
120 | development libraries and pkg-config are required when using `--enable-apparmor` | 120 | development libraries and pkg-config are required when using `--enable-apparmor` |
121 | ./configure option: | 121 | ./configure option: |
122 | 122 | ||
123 | ````` | 123 | ```sh |
124 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 124 | sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
125 | ````` | 125 | ``` |
126 | 126 | ||
127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). | 127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). |
128 | 128 | ||
@@ -132,32 +132,32 @@ Detailed information on using firejail from git is available on the [wiki](https | |||
132 | 132 | ||
133 | To start the sandbox, prefix your command with `firejail`: | 133 | To start the sandbox, prefix your command with `firejail`: |
134 | 134 | ||
135 | ````` | 135 | ```sh |
136 | $ firejail firefox # starting Mozilla Firefox | 136 | firejail firefox # starting Mozilla Firefox |
137 | $ firejail transmission-gtk # starting Transmission BitTorrent | 137 | firejail transmission-gtk # starting Transmission BitTorrent |
138 | $ firejail vlc # starting VideoLAN Client | 138 | firejail vlc # starting VideoLAN Client |
139 | $ sudo firejail /etc/init.d/nginx start | 139 | sudo firejail /etc/init.d/nginx start |
140 | ````` | 140 | ``` |
141 | 141 | ||
142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
143 | 143 | ||
144 | ````` | 144 | ```console |
145 | $ firejail --list | 145 | $ firejail --list |
146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
147 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt | 147 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt |
148 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator | 148 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator |
149 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 | 149 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 |
150 | 7916:netblue:firejail --list | 150 | 7916:netblue:firejail --list |
151 | ````` | 151 | ``` |
152 | 152 | ||
153 | ## Desktop integration | 153 | ## Desktop integration |
154 | 154 | ||
155 | Integrate your sandbox into your desktop by running the following two commands: | 155 | Integrate your sandbox into your desktop by running the following two commands: |
156 | 156 | ||
157 | ````` | 157 | ```sh |
158 | $ firecfg --fix-sound | 158 | firecfg --fix-sound |
159 | $ sudo firecfg | 159 | sudo firecfg |
160 | ````` | 160 | ``` |
161 | 161 | ||
162 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 162 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. |
163 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 163 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply |
@@ -190,18 +190,18 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
190 | 190 | ||
191 | ### --keep-shell-rc | 191 | ### --keep-shell-rc |
192 | 192 | ||
193 | ````` | 193 | ```text |
194 | --keep-shell-rc | 194 | --keep-shell-rc |
195 | By default, when using a private home directory, firejail copies | 195 | By default, when using a private home directory, firejail copies |
196 | files from the system's user home template (/etc/skel) into it, | 196 | files from the system's user home template (/etc/skel) into it, |
197 | which overrides attempts to whitelist the original files (such | 197 | which overrides attempts to whitelist the original files (such |
198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, | 198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, |
199 | and enables the user to whitelist the original files. | 199 | and enables the user to whitelist the original files. |
200 | ````` | 200 | ``` |
201 | 201 | ||
202 | ### private-etc rework | 202 | ### private-etc rework |
203 | 203 | ||
204 | ````` | 204 | ```text |
205 | --private-etc, --private-etc=file,directory,@group | 205 | --private-etc, --private-etc=file,directory,@group |
206 | The files installed by --private-etc are copies of the original | 206 | The files installed by --private-etc are copies of the original |
207 | system files from /etc directory. By default, the command | 207 | system files from /etc directory. By default, the command |
@@ -232,7 +232,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
232 | by your program is using strace utility: | 232 | by your program is using strace utility: |
233 | 233 | ||
234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | 234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc |
235 | ````` | 235 | ``` |
236 | 236 | ||
237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | 237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) |
238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 | 238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 |
@@ -242,7 +242,7 @@ Discussion: https://github.com/netblue30/firejail/discussions/5610 | |||
242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
243 | Run it over the profiles in /etc/profiles: | 243 | Run it over the profiles in /etc/profiles: |
244 | 244 | ||
245 | ``` | 245 | ```console |
246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile | 246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
247 | No include .local found in /etc/firejail/noprofile.profile | 247 | No include .local found in /etc/firejail/noprofile.profile |
248 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile | 248 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile |