author | netblue30 <netblue30@yahoo.com> | 2015-11-08 11:31:39 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-11-08 11:31:39 -0500 |
commit | 19427f0f6102946b56f5fbf3d11c5e5c38043fa7 (patch) | |
tree | c5613023e58255849542acadf8839ab24de49d37 /README.md | |
parent | 0.9.34 testing (diff) | |
download | firejail-19427f0f6102946b56f5fbf3d11c5e5c38043fa7.tar.gz firejail-19427f0f6102946b56f5fbf3d11c5e5c38043fa7.tar.zst firejail-19427f0f6102946b56f5fbf3d11c5e5c38043fa7.zip |
0.9.34 released
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 71 |
1 files changed, 0 insertions, 71 deletions
@@ -34,74 +34,3 @@ FAQ: https://l3net.wordpress.com/projects/firejail/firejail-faq/ | |||
34 | 34 | ||
35 | 35 | ||
36 | 36 | ||
37 | ## New features in the development version | ||
38 | |||
39 | ### Whitelisting in default Firefox profile | ||
40 | |||
41 | The next release will bring in default whitelisting for Firefox files and folders under /home/user. | ||
42 | If you start the sandbox without any other options, this is what you'll get: | ||
43 | |||
44 | ![Whitelisted home directory](firefox-whitelist.png?raw=true) | ||
45 | |||
46 | The code is located in etc/firefox.inc file: | ||
47 | |||
48 | ````` | ||
49 | whitelist ~/.mozilla | ||
50 | whitelist ~/Downloads | ||
51 | whitelist ~/dwhelper | ||
52 | whitelist ~/.zotero | ||
53 | whitelist ~/.lastpass | ||
54 | whitelist ~/.gtkrc-2.0 | ||
55 | whitelist ~/.vimperatorrc | ||
56 | whitelist ~/.vimperator | ||
57 | whitelist ~/.pentadactylrc | ||
58 | whitelist ~/.pentadactyl | ||
59 | ````` | ||
60 | |||
61 | I intend to bring in all files and directories used by Firefox addons and plugins. So far I have | ||
62 | [Video DownloadHelper](https://addons.mozilla.org/en-US/firefox/addon/video-downloadhelper/), | ||
63 | [Zotero](https://www.zotero.org/download/), | ||
64 | [LastPass](https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/), | ||
65 | [Vimperator](https://addons.mozilla.org/en-US/firefox/addon/vimperator/) | ||
66 | and [Pentadactyl](http://5digits.org/pentadactyl/) | ||
67 | If you're using anything else, please let me know. | ||
68 | |||
69 | ### Whitelisting in default Chromium profile | ||
70 | |||
71 | ![Whitelisted home directory](chromium-whitelist.png?raw=true) | ||
72 | |||
73 | ### --ignore option | ||
74 | |||
75 | Ignore commands in profile files. Example: | ||
76 | ````` | ||
77 | $ firejail --ignore=seccomp wine | ||
78 | ````` | ||
79 | |||
80 | ### --protocol option | ||
81 | |||
82 | Enable protocol filter. It is based on seccomp and it filters the first argument to socket system call. | ||
83 | If the value is not recognized, seccomp will kill the process. | ||
84 | Valid values: unix, inet, inet6, netlink and packet. | ||
85 | |||
86 | Example: | ||
87 | ````` | ||
88 | $ firejail --protocol=unix,inet,inet6 | ||
89 | ````` | ||
90 | |||
91 | "unix" describes the regular Unix socket connections, | ||
92 | and "inet" and "inet6" describe the regular IPv4 and IPv6 traffic. Most GUI applications need "unix,inet,inet6". "netlink" is the protocol | ||
93 | used to talk to Linux kernel. You'll only need this for applications such as [iproute2](http://www.linuxfoundation.org/collaborate/workgroups/networking/iproute2) | ||
94 | used in system administration, and "packet" is used by sniffers to talk directly with the Ethernet layer. | ||
95 | |||
96 | Protocol filter is enabled in all default security profiles for GUI applications ("protocol unix,inet,inet6"). | ||
97 | |||
98 | ### Dual i386/amd64 seccomp filter | ||
99 | |||
100 | --seccomp option now installs a dual i386/amd64 default filter. | ||
101 | 32bit applications, such as Skype, running on regular 64bit computers, are protected by i386 seccomp filter. | ||
102 | |||
103 | ### New security profiles | ||
104 | |||
105 | Steam, Skype, Wine. The dual seccomp filter is enabled by default for these applications. | ||
106 | |||
107 | |||
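Review bot: The README loses its only visible description of --ignore, --protocol and the dual i386/amd64 seccomp filter (old lines 73-101) with zero insertions to replace it, and the diff is limited to README.md, so it cannot be seen here whether that text was moved elsewhere. Since these features ship in this release, consider keeping a short list of them with a pointer to wherever they are now documented, so users can still find that --protocol accepts unix, inet, inet6, netlink and packet, and that seccomp kills the process when the value is not recognized. The "I intend to bring in all files and directories used by Firefox addons and plugins ... please let me know" request at old lines 61-67 also goes away; if the whitelist in etc/firefox.inc is still being extended, that call for reports is worth keeping somewhere. The commit message "0.9.34 released" does not mention that the development-version section is being dropped, which deserves a line.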