diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-05 10:13:25 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-05 10:13:25 -0400 |
commit | 73ce1000234e0910bc77f424e481a47c6da55dbb (patch) | |
tree | 4756996183560b6ec401d8fc35e1c4d15ce972de /README.md | |
parent | audit feature (diff) | |
download | firejail-73ce1000234e0910bc77f424e481a47c6da55dbb.tar.gz firejail-73ce1000234e0910bc77f424e481a47c6da55dbb.tar.zst firejail-73ce1000234e0910bc77f424e481a47c6da55dbb.zip |
audit feature
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -65,6 +65,27 @@ More packages build by AppImage developer Simon Peter: https://bintray.com/probo | |||
65 | 65 | ||
66 | AppImage project home: https://github.com/probonopd/AppImageKit | 66 | AppImage project home: https://github.com/probonopd/AppImageKit |
67 | 67 | ||
68 | ## Sandbox auditing | ||
69 | ````` | ||
70 | AUDIT | ||
71 | Audit feature allows the user to point out gaps in security profiles. | ||
72 | The implementation replaces the program to be sandboxed with a test | ||
73 | program. By default, we use faudit program distributed with Firejail. A | ||
74 | custom test program can also be supplied by the user. Examples: | ||
75 | |||
76 | Running the default audit program: | ||
77 | $ firejail --audit transmission-gtk | ||
78 | |||
79 | Running a custom audit program: | ||
80 | $ firejail --audit=~/sandbox-test transmission-gtk | ||
81 | |||
82 | In the examples above, the sandbox configures transmission-gtk profile | ||
83 | and starts the test program. The real program, transmission-gtk, will | ||
84 | not be started. | ||
85 | |||
86 | Limitations: audit feature is not implemented for --x11 commands. | ||
87 | ````` | ||
88 | |||
68 | ## Converting profiles to private-bin - work in progress! | 89 | ## Converting profiles to private-bin - work in progress! |
69 | 90 | ||
70 | BitTorrent: deluge, qbittorrent, rtorrent, transmission-gtk, transmission-qt, uget-gtk | 91 | BitTorrent: deluge, qbittorrent, rtorrent, transmission-gtk, transmission-qt, uget-gtk |