diff options
author | netblue30 <netblue30@yahoo.com> | 2016-09-06 09:12:57 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-09-06 09:12:57 -0400 |
commit | cac5c1da30ee626cddea673a65c08bbff7b1df4b (patch) | |
tree | 90b2b456892a24ff572900eb6bac571191cdc4c9 /todo | |
parent | Merge pull request #766 from manevich/fixes (diff) | |
download | firejail-cac5c1da30ee626cddea673a65c08bbff7b1df4b.tar.gz firejail-cac5c1da30ee626cddea673a65c08bbff7b1df4b.tar.zst firejail-cac5c1da30ee626cddea673a65c08bbff7b1df4b.zip |
todo
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -259,8 +259,8 @@ $ sudo reboot | |||
259 | If you are using auditd, start aa-notify to get notification whenever a program causes a DENIED message. | 259 | If you are using auditd, start aa-notify to get notification whenever a program causes a DENIED message. |
260 | $ sudo aa-notify -p -f /var/log/audit/audit.log | 260 | $ sudo aa-notify -p -f /var/log/audit/audit.log |
261 | 261 | ||
262 | /sys/module/apparmor/parameters/enabled | 262 | $ sudo cat /sys/kernel/security/apparmor/profiles | grep firejail |
263 | /sys/kernel/security/apparmor | 263 | firejail-default (enforce) |
264 | 264 | ||
265 | 24. check monitor proc behaviour for sandboxes with --blacklist=/proc | 265 | 24. check monitor proc behaviour for sandboxes with --blacklist=/proc |
266 | also check --apparmor in this case | 266 | also check --apparmor in this case |
@@ -271,3 +271,10 @@ sudo mount -o remount,rw,hidepid=2 /proc | |||
271 | 271 | ||
272 | 26. mupdf profile | 272 | 26. mupdf profile |
273 | 273 | ||
274 | 27. LUKS | ||
275 | |||
276 | dm-crypt+LUKS – dm-crypt is a transparent disk encryption subsystem in | ||
277 | Linux kernel v2.6+ and later and DragonFly BSD. It can encrypt whole disks, | ||
278 | removable media, partitions, software RAID volumes, logical volumes, and files. | ||
279 | |||
280 | 28. add support for whitelisting /mtn | ||