diff options
author | netblue30 <netblue30@yahoo.com> | 2017-11-08 08:30:10 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-11-08 08:30:10 -0500 |
commit | b1b1e774a175fe2ee35aa22d02c097e13873a5a9 (patch) | |
tree | 22e3fda2f21723e05a2299ef30668aa5af1119af /README.md | |
parent | Merge pull request #1637 from soredake/keepassxc (diff) | |
download | firejail-b1b1e774a175fe2ee35aa22d02c097e13873a5a9.tar.gz firejail-b1b1e774a175fe2ee35aa22d02c097e13873a5a9.tar.zst firejail-b1b1e774a175fe2ee35aa22d02c097e13873a5a9.zip |
private-bin and private-lib fixes
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 17 |
1 files changed, 13 insertions, 4 deletions
@@ -100,17 +100,23 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir | |||
100 | 100 | ||
101 | ## Whitelisting, globbing etc. | 101 | ## Whitelisting, globbing etc. |
102 | 102 | ||
103 | Add "include /etc/firejail/whitelist-var-common.inc" to an application profile and test it. If it's working, | 103 | We deployed a whitelist for /var directory ("include /etc/firejail/whitelist-var-common.inc"). |
104 | send a pull request. I did it so far for some more common applications like Firefox, Chromium etc. | 104 | It is currently done for 115 applications. |
105 | 105 | ||
106 | Added globbing support for --private-bin. Added whitelisting support for /etc and /usr/share. | 106 | We added globbing support for --private-bin and whitelisting support for /etc and /usr/share. |
107 | 107 | ||
108 | --private-lib was enhanced to autodetect GTK2, GTK3 and Qt4 libraries. We do a test run with this option enabled | 108 | --private-lib was enhanced to autodetect GTK2, GTK3 and Qt4 libraries. In the next release we do a test run with this option enabled |
109 | for the following applications: evince, galculator, gnome-calculator, | 109 | for the following applications: evince, galculator, gnome-calculator, |
110 | leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, | 110 | leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, |
111 | atril, mate-color-select, tar, file, strings, gpicview, | 111 | atril, mate-color-select, tar, file, strings, gpicview, |
112 | eom, eog, gedit, pluma | 112 | eom, eog, gedit, pluma |
113 | 113 | ||
114 | Just for fun, this is a private-bin/private-lib Firefox running on Debian 9: | ||
115 | ````` | ||
116 | $ firejail --private-bin=firefox,firefox-esr,sh,which --private-lib=firefox-esr firefox | ||
117 | ```` | ||
118 | |||
119 | |||
114 | ## Profile build tool | 120 | ## Profile build tool |
115 | ````` | 121 | ````` |
116 | $ firejail --build appname | 122 | $ firejail --build appname |
@@ -201,6 +207,9 @@ $ | |||
201 | 207 | ||
202 | $ firejail --timeout=01:30:00 firefox | 208 | $ firejail --timeout=01:30:00 firefox |
203 | 209 | ||
210 | --debug-private-lib | ||
211 | Debug messages for --private-lib option. | ||
212 | |||
204 | ````` | 213 | ````` |
205 | 214 | ||
206 | ## New profiles: | 215 | ## New profiles: |