author | netblue30 <netblue30@yahoo.com> | 2016-07-12 08:21:57 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-12 08:21:57 -0400 |
commit | 67f8a71cd721b1786dc5b17248316a714ea71869 (patch) | |
tree | 2c4ed7ce9d754835b8a9f838ce5a4c5db902214e /todo | |
parent | audit work (diff) | |
whitelist rework
Diffstat (limited to 'todo')
-rw-r--r-- | todo | 57 |
1 files changed, 57 insertions, 0 deletions
@@ -161,3 +161,60 @@ To disable Vsync | |||
161 | 161 | ||
162 | $ vblank_mode=0 glxgears | 162 | $ vblank_mode=0 glxgears |
163 | 163 | ||
164 | 18. Bring in nvidia drives in private-dev | ||
165 | |||
166 | /dev/nvidia[0-9], /dev/nvidiactl, /dev/nvidia-modset and /dev/nvidia-uvm | ||
167 | |||
168 | 19. testing snaps | ||
169 | |||
170 | Install firejail from official repository | ||
171 | sudo apt-get install firejail | ||
172 | |||
173 | Check firejail version | ||
174 | firejail --version | ||
175 | |||
176 | Above command outputs: firejail version 0.9.38 | ||
177 | |||
178 | Search the snap 'ubuntu clock' application | ||
179 | sudo snap find ubuntu-clock-app | ||
180 | |||
181 | Install 'ubuntu clock' application using snap | ||
182 | sudo snap install ubuntu-clock-app | ||
183 | |||
184 | Ubuntu snap packages are installed in /snap/// directory and can be executed from /snap/bin/ | ||
185 | cd /snap/bin/ | ||
186 | ls -l | ||
187 | |||
188 | Note: We see application name is: ubuntu-clock-app.clock | ||
189 | |||
190 | Run application | ||
191 | /snap/bin/ubuntu-clock-app.clock | ||
192 | |||
193 | Note: Application starts-up without a problem and clock is displayed. | ||
194 | |||
195 | Close application using mouse. | ||
196 | |||
197 | Now try to firejail the application. | ||
198 | firejail /snap/bin/ubuntu-clock-app.clock | ||
199 | |||
200 | -------- Error message -------- | ||
201 | Reading profile /etc/firejail/generic.profile | ||
202 | Reading profile /etc/firejail/disable-mgmt.inc | ||
203 | Reading profile /etc/firejail/disable-secret.inc | ||
204 | Reading profile /etc/firejail/disable-common.inc | ||
205 | |||
206 | ** Note: you can use --noprofile to disable generic.profile ** | ||
207 | |||
208 | Parent pid 3770, child pid 3771 | ||
209 | |||
210 | Child process initialized | ||
211 | need to run as root or suid | ||
212 | |||
213 | parent is shutting down, bye... | ||
214 | -------- End of Error message -------- | ||
215 | |||
216 | Try running as root as message instructs. | ||
217 | sudo firejail /snap/bin/ubuntu-clock-app.clock | ||
218 | |||
219 | extract env for process | ||
220 | ps e -p <pid> | sed 's/ /\n/g' | ||
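Review bot: the device list at new line 166 names the modeset node as "/dev/nvidia-modset"; the NVIDIA driver creates /dev/nvidia-modeset, so a private-dev change built from this note would leave that node out of the sandbox. Please correct the name, and fix "nvidia drives" to "nvidia drivers" in the item 18 heading at line 164. In item 19, the path at line 184 reads "/snap///", which looks like placeholders were lost; spell them out so the install layout is clear. The sudo retry at lines 216-217 is recorded without its outcome, and it starts the application as root, so mark it as a diagnostic step and note what happened. The "extract env for process" entry at lines 219-220 has no item number and sits under the snap test although it is unrelated; give it its own number. Its sed expression also splits on every space, so any variable whose value contains a space is broken across lines; reading /proc/<pid>/environ and translating NUL to newline keeps each variable intact.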