diff options
| author |  netblue30 <netblue30@yahoo.com> | 2016-10-23 08:20:22 -0400 |
|---|---|---|
| committer | netblue30 <netblue30@yahoo.com> | 2016-10-23 08:20:22 -0400 |
| commit | 4802d8b42393e1128279d43f5ba8dac918ffc1df (patch) | |
| tree | 698533e0d2612e4bd02297c5d6680ebaeac2543f /README.md | |
| parent | 0.9.44 - build rpm (diff) | |
| download | firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.tar.gz firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.tar.zst firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.zip | |
starting 0.9.45 devel version
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 70 |
1 files changed, 1 insertions, 69 deletions
| @@ -47,73 +47,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
| 47 | ````` | 47 | ````` |
| 48 | 48 | ||
| 49 | ````` | 49 | ````` |
| 50 | # Current development version: 0.9.43 | 50 | # Current development version: 0.9.45 |
| 51 | |||
| 52 | ## X11 development | ||
| 53 | ````` | ||
| 54 | --x11=none | ||
| 55 | Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and the | ||
| 56 | file specified in ${XAUTHORITY} environment variable. Remove | ||
| 57 | DISPLAY and XAUTHORITY environment variables. Stop with error | ||
| 58 | message if X11 abstract socket will be accessible in jail. | ||
| 59 | |||
| 60 | --x11=xorg | ||
| 61 | Sandbox the application using the untrusted mode implemented by | ||
| 62 | X11 security extension. The extension is available in Xorg | ||
| 63 | package and it is installed by default on most Linux distribu‐ | ||
| 64 | tions. It provides support for a simple trusted/untrusted con‐ | ||
| 65 | nection model. Untrusted clients are restricted in certain ways | ||
| 66 | to prevent them from reading window contents of other clients, | ||
| 67 | stealing input events, etc. | ||
| 68 | |||
| 69 | The untrusted mode has several limitations. A lot of regular | ||
| 70 | programs assume they are a trusted X11 clients and will crash | ||
| 71 | or lock up when run in untrusted mode. Chromium browser and | ||
| 72 | xterm are two examples. Firefox and transmission-gtk seem to be | ||
| 73 | working fine. A network namespace is not required for this | ||
| 74 | option. | ||
| 75 | |||
| 76 | Example: | ||
| 77 | $ firejail --x11=xorg firefox | ||
| 78 | ````` | ||
| 79 | |||
| 80 | ## Other command line options | ||
| 81 | ````` | ||
| 82 | --put=name|pid src-filename dest-filename | ||
| 83 | Put src-filename in sandbox container. The container is specified by name or PID. | ||
| 84 | |||
| 85 | --allusers | ||
| 86 | All user home directories are visible inside the sandbox. By default, only current user home | ||
| 87 | directory is visible. | ||
| 88 | |||
| 89 | Example: | ||
| 90 | $ firejail --allusers | ||
| 91 | |||
| 92 | --join-or-start=name | ||
| 93 | Join the sandbox identified by name or start a new one. Same as "firejail --join=name" if | ||
| 94 | sandbox with specified name exists, otherwise same as "firejail --name=name ..." | ||
| 95 | Note that in contrary to other join options there is respective profile option. | ||
| 96 | |||
| 97 | --no3d Disable 3D hardware acceleration. | ||
| 98 | |||
| 99 | Example: | ||
| 100 | $ firejail --no3d firefox | ||
| 101 | |||
| 102 | --veth-name=name | ||
| 103 | Use this name for the interface connected to the bridge for | ||
| 104 | --net=bridge_interface commands, instead of the default one. | ||
| 105 | |||
| 106 | Example: | ||
| 107 | $ firejail --net=br0 --veth-name=if0 | ||
| 108 | |||
| 109 | ````` | ||
| 110 | |||
| 111 | ## New profile commands | ||
| 112 | |||
| 113 | x11 xpra, x11 xephyr, x11 none, x11 xorg, allusers, join-or-start | ||
| 114 | |||
| 115 | ## New profiles | ||
| 116 | |||
| 117 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx, | ||
| 118 | claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot, Flowblade, Eye of GNOME (eog), Evolution | ||
| 119 | 51 | ||