author | netblue30 <netblue30@protonmail.com> | 2021-12-10 09:29:47 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-12-10 09:29:47 -0500 |
commit | 30e754610f1acfcba1644520a8070f87c3decede (patch) | |
tree | 5f5f6848c5f189a3bc20cb98a5ece854ecec4070 /README.md | |
parent | Merge pull request #4748 from kmk3/readme-clarify-ubuntu (diff) | |
profstats fix (#4733)
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 55 |
1 files changed, 29 insertions, 26 deletions
@@ -298,34 +298,37 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
298 | 298 | ||
299 | ### Profile Statistics | 299 | ### Profile Statistics |
300 | 300 | ||
301 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: | 301 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
302 | Run it over the profiles in /etc/profiles: | ||
302 | ``` | 303 | ``` |
303 | $ sudo cp src/profstats/profstats /etc/firejail/. | 304 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
304 | $ cd /etc/firejail | 305 | No include .local found in /etc/firejail/noprofile.profile |
305 | $ ./profstats *.profile | 306 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile |
306 | profiles 1167 | 307 | |
307 | include local profile 1167 (include profile-name.local) | 308 | Stats: |
308 | include globals 1136 (include globals.local) | 309 | profiles 1176 |
309 | blacklist ~/.ssh 1042 (include disable-common.inc) | 310 | include local profile 1175 (include profile-name.local) |
310 | seccomp 1062 | 311 | include globals 1144 (include globals.local) |
311 | capabilities 1163 | 312 | blacklist ~/.ssh 1050 (include disable-common.inc) |
312 | noexec 1049 (include disable-exec.inc) | 313 | seccomp 1070 |
313 | noroot 971 | 314 | capabilities 1171 |
314 | memory-deny-write-execute 256 | 315 | noexec 1057 (include disable-exec.inc) |
315 | apparmor 693 | 316 | noroot 979 |
316 | private-bin 677 | 317 | memory-deny-write-execute 258 |
317 | private-dev 1027 | 318 | apparmor 700 |
318 | private-etc 532 | 319 | private-bin 681 |
319 | private-tmp 897 | 320 | private-dev 1033 |
320 | whitelist home directory 557 | 321 | private-etc 533 |
321 | whitelist var 836 (include whitelist-var-common.inc) | 322 | private-tmp 905 |
322 | whitelist run/user 1137 (include whitelist-runuser-common.inc | 323 | whitelist home directory 562 |
324 | whitelist var 842 (include whitelist-var-common.inc) | ||
325 | whitelist run/user 1145 (include whitelist-runuser-common.inc | ||
323 | or blacklist ${RUNUSER}) | 326 | or blacklist ${RUNUSER}) |
324 | whitelist usr/share 609 (include whitelist-usr-share-common.inc | 327 | whitelist usr/share 614 (include whitelist-usr-share-common.inc |
325 | net none 396 | 328 | net none 399 |
326 | dbus-user none 656 | 329 | dbus-user none 662 |
327 | dbus-user filter 108 | 330 | dbus-user filter 113 |
328 | dbus-system none 808 | 331 | dbus-system none 816 |
329 | dbus-system filter 10 | 332 | dbus-system filter 10 |
330 | ``` | 333 | ``` |
331 | 334 | ||
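Review bot: The added sentence on new line 302 tells the reader to run the tool over the profiles in /etc/profiles, but the command on new line 304 reads them from /etc/firejail/*.profile, and both warnings in the sample output name /etc/firejail as well; the prose should say /etc/firejail so the text and the example agree. On new line 301, "The tool is installed in /usr/lib/firejail directory" is missing an article ("in the /usr/lib/firejail directory"). The sample output also has an unclosed parenthesis on the "whitelist usr/share" line (new line 327), unchanged from the old text; if that is what profstats actually prints, it is better fixed in the tool than in the README.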