summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--etc/dnscrypt-proxy.profile3
-rw-r--r--etc/dnsmasq.profile3
-rw-r--r--etc/unbound.profile3
-rw-r--r--etc/wireshark.profile7
-rw-r--r--etc/xplayer.profile2
-rw-r--r--etc/xreader.profile2
-rw-r--r--src/man/firecfg.txt2
-rw-r--r--src/man/firejail-login.txt2
-rw-r--r--src/man/firejail-profile.txt2
-rw-r--r--src/man/firejail.txt6
10 files changed, 16 insertions, 16 deletions
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile
index 6d4f6349a..458de81e2 100644
--- a/etc/dnscrypt-proxy.profile
+++ b/etc/dnscrypt-proxy.profile
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include /etc/firejail/disable-programs.inc
17 17
18caps 18caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
19# caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
20no3d 19no3d
21nodvd 20nodvd
22nonewprivs 21nonewprivs
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
index 2a1302adb..e6086d1b2 100644
--- a/etc/dnsmasq.profile
+++ b/etc/dnsmasq.profile
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include /etc/firejail/disable-programs.inc
17 17
18caps 18caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
19# caps.keep net_admin,net_bind_service,net_raw,setgid,setuid
20no3d 19no3d
21nodvd 20nodvd
22nonewprivs 21nonewprivs
diff --git a/etc/unbound.profile b/etc/unbound.profile
index d380b5698..c03a25752 100644
--- a/etc/unbound.profile
+++ b/etc/unbound.profile
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 15include /etc/firejail/disable-passwdmgr.inc
16include /etc/firejail/disable-programs.inc 16include /etc/firejail/disable-programs.inc
17 17
18caps 18caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource
19# caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource
20no3d 19no3d
21nodvd 20nodvd
22nonewprivs 21nonewprivs
diff --git a/etc/wireshark.profile b/etc/wireshark.profile
index f1a17ba93..35e781f67 100644
--- a/etc/wireshark.profile
+++ b/etc/wireshark.profile
@@ -12,18 +12,19 @@ include /etc/firejail/disable-devel.inc
12include /etc/firejail/disable-passwdmgr.inc 12include /etc/firejail/disable-passwdmgr.inc
13include /etc/firejail/disable-programs.inc 13include /etc/firejail/disable-programs.inc
14 14
15# caps.drop all
15caps.keep dac_override,net_admin,net_raw 16caps.keep dac_override,net_admin,net_raw
16netfilter 17netfilter
17no3d 18no3d
18# nogroups - breaks unprivileged wireshark usage 19# nogroups - breaks network traffic capture for unprivileged users
19# nonewprivs - breaks unprivileged wireshark usage 20# nonewprivs - breaks network traffic capture for unprivileged users
20# noroot 21# noroot
21nodvd 22nodvd
22nosound 23nosound
23notv 24notv
24novideo 25novideo
25# protocol unix,inet,inet6,netlink 26# protocol unix,inet,inet6,netlink
26# seccomp - breaks unprivileged wireshark usage 27# seccomp - breaks network traffic capture for unprivileged users
27shell none 28shell none
28tracelog 29tracelog
29 30
diff --git a/etc/xplayer.profile b/etc/xplayer.profile
index 5c845e977..d4a2fa846 100644
--- a/etc/xplayer.profile
+++ b/etc/xplayer.profile
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc
13include /etc/firejail/disable-passwdmgr.inc 13include /etc/firejail/disable-passwdmgr.inc
14include /etc/firejail/disable-programs.inc 14include /etc/firejail/disable-programs.inc
15 15
16include /etc/firejail/whitelist-var-common.inc
17
16caps.drop all 18caps.drop all
17netfilter 19netfilter
18nogroups 20nogroups
diff --git a/etc/xreader.profile b/etc/xreader.profile
index bebcb262f..11e5d1102 100644
--- a/etc/xreader.profile
+++ b/etc/xreader.profile
@@ -32,7 +32,7 @@ tracelog
32 32
33private-bin xreader,xreader-previewer,xreader-thumbnailer 33private-bin xreader,xreader-previewer,xreader-thumbnailer
34private-dev 34private-dev
35# private-etc fonts,ld.so.cache 35private-etc fonts,ld.so.cache
36# xreader needs access to /tmp/mozilla* to work in firefox 36# xreader needs access to /tmp/mozilla* to work in firefox
37# private-tmp 37# private-tmp
38 38
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index f99704579..e7a7ef6d9 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -96,7 +96,7 @@ $ sudo firecfg --clean
96.SH LICENSE 96.SH LICENSE
97This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 97This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
98.PP 98.PP
99Homepage: http://firejail.wordpress.com 99Homepage: https://firejail.wordpress.com
100.SH SEE ALSO 100.SH SEE ALSO
101\&\flfirejail\fR\|(1), 101\&\flfirejail\fR\|(1),
102\&\flfiremon\fR\|(1), 102\&\flfiremon\fR\|(1),
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt
index cb192b450..29030ba45 100644
--- a/src/man/firejail-login.txt
+++ b/src/man/firejail-login.txt
@@ -32,7 +32,7 @@ usermod \-\-shell /usr/bin/firejail username
32.SH LICENSE 32.SH LICENSE
33Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 33Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
34.PP 34.PP
35Homepage: http://firejail.wordpress.com 35Homepage: https://firejail.wordpress.com
36.SH SEE ALSO 36.SH SEE ALSO
37\&\flfirejail\fR\|(1), 37\&\flfirejail\fR\|(1),
38\&\flfiremon\fR\|(1), 38\&\flfiremon\fR\|(1),
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 14485d5c1..5825d3427 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -622,7 +622,7 @@ $ firejail --profile-path=~/myprofiles
622.SH LICENSE 622.SH LICENSE
623Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 623Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
624.PP 624.PP
625Homepage: http://firejail.wordpress.com 625Homepage: https://firejail.wordpress.com
626.SH SEE ALSO 626.SH SEE ALSO
627\&\flfirejail\fR\|(1), 627\&\flfirejail\fR\|(1),
628\&\flfiremon\fR\|(1), 628\&\flfiremon\fR\|(1),
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 17ddd5c88..83ac12d86 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -109,7 +109,7 @@ $ firejail --allusers
109Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. 109Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below.
110.TP 110.TP
111\fB\-\-appimage 111\fB\-\-appimage
112Sandbox an AppImage (http://appimage.org/) application. 112Sandbox an AppImage (https://appimage.org/) application.
113.br 113.br
114 114
115.br 115.br
@@ -2082,7 +2082,7 @@ $ firejail \-\-x11=xorg firefox
2082 2082
2083.TP 2083.TP
2084\fB\-\-x11=xpra 2084\fB\-\-x11=xpra
2085Start Xpra (http://xpra.org) and attach the sandbox to this server. 2085Start Xpra (https://xpra.org) and attach the sandbox to this server.
2086Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. 2086Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens.
2087A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. 2087A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket.
2088.br 2088.br
@@ -2536,7 +2536,7 @@ List all sandboxed processes.
2536.SH LICENSE 2536.SH LICENSE
2537This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 2537This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
2538.PP 2538.PP
2539Homepage: http://firejail.wordpress.com 2539Homepage: https://firejail.wordpress.com
2540.SH SEE ALSO 2540.SH SEE ALSO
2541\&\flfiremon\fR\|(1), 2541\&\flfiremon\fR\|(1),
2542\&\flfirecfg\fR\|(1), 2542\&\flfirecfg\fR\|(1),
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-05 21:01:35 +0000