diff options
| author |  netblue30 <netblue30@protonmail.com> | 2021-12-10 09:29:47 -0500 |
|---|---|---|
| committer | netblue30 <netblue30@protonmail.com> | 2021-12-10 09:29:47 -0500 |
| commit | 30e754610f1acfcba1644520a8070f87c3decede (patch) | |
| tree | 5f5f6848c5f189a3bc20cb98a5ece854ecec4070 /README.md | |
| parent | Merge pull request #4748 from kmk3/readme-clarify-ubuntu (diff) | |
| download | firejail-30e754610f1acfcba1644520a8070f87c3decede.tar.gz firejail-30e754610f1acfcba1644520a8070f87c3decede.tar.zst firejail-30e754610f1acfcba1644520a8070f87c3decede.zip | |
profstats fix (#4733)
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 55 |
1 files changed, 29 insertions, 26 deletions
| @@ -298,34 +298,37 @@ INTRUSION DETECTION SYSTEM (IDS) | |||
| 298 | 298 | ||
| 299 | ### Profile Statistics | 299 | ### Profile Statistics |
| 300 | 300 | ||
| 301 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: | 301 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
| 302 | Run it over the profiles in /etc/profiles: | ||
| 302 | ``` | 303 | ``` |
| 303 | $ sudo cp src/profstats/profstats /etc/firejail/. | 304 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
| 304 | $ cd /etc/firejail | 305 | No include .local found in /etc/firejail/noprofile.profile |
| 305 | $ ./profstats *.profile | 306 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile |
| 306 | profiles 1167 | 307 | |
| 307 | include local profile 1167 (include profile-name.local) | 308 | Stats: |
| 308 | include globals 1136 (include globals.local) | 309 | profiles 1176 |
| 309 | blacklist ~/.ssh 1042 (include disable-common.inc) | 310 | include local profile 1175 (include profile-name.local) |
| 310 | seccomp 1062 | 311 | include globals 1144 (include globals.local) |
| 311 | capabilities 1163 | 312 | blacklist ~/.ssh 1050 (include disable-common.inc) |
| 312 | noexec 1049 (include disable-exec.inc) | 313 | seccomp 1070 |
| 313 | noroot 971 | 314 | capabilities 1171 |
| 314 | memory-deny-write-execute 256 | 315 | noexec 1057 (include disable-exec.inc) |
| 315 | apparmor 693 | 316 | noroot 979 |
| 316 | private-bin 677 | 317 | memory-deny-write-execute 258 |
| 317 | private-dev 1027 | 318 | apparmor 700 |
| 318 | private-etc 532 | 319 | private-bin 681 |
| 319 | private-tmp 897 | 320 | private-dev 1033 |
| 320 | whitelist home directory 557 | 321 | private-etc 533 |
| 321 | whitelist var 836 (include whitelist-var-common.inc) | 322 | private-tmp 905 |
| 322 | whitelist run/user 1137 (include whitelist-runuser-common.inc | 323 | whitelist home directory 562 |
| 324 | whitelist var 842 (include whitelist-var-common.inc) | ||
| 325 | whitelist run/user 1145 (include whitelist-runuser-common.inc | ||
| 323 | or blacklist ${RUNUSER}) | 326 | or blacklist ${RUNUSER}) |
| 324 | whitelist usr/share 609 (include whitelist-usr-share-common.inc | 327 | whitelist usr/share 614 (include whitelist-usr-share-common.inc |
| 325 | net none 396 | 328 | net none 399 |
| 326 | dbus-user none 656 | 329 | dbus-user none 662 |
| 327 | dbus-user filter 108 | 330 | dbus-user filter 113 |
| 328 | dbus-system none 808 | 331 | dbus-system none 816 |
| 329 | dbus-system filter 10 | 332 | dbus-system filter 10 |
| 330 | ``` | 333 | ``` |
| 331 | 334 | ||