diff options
-rw-r--r-- | .github/pull_request_template.md | 4 | ||||
-rw-r--r-- | CONTRIBUTING.md | 3 | ||||
-rw-r--r-- | README.md | 13 |
3 files changed, 17 insertions, 3 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 3c256dd87..72556609b 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md | |||
@@ -1,10 +1,12 @@ | |||
1 | If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR. | 1 | If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR. |
2 | 2 | ||
3 | If you submit a PR for new profiles or changing profiles, please do the following: | 3 | If you submit a PR for new profiles or changing profiles, please do the following: |
4 | |||
4 | - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). | 5 | - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). |
5 | > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. | 6 | > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. |
6 | - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). | 7 | - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). |
7 | The path to it depends on your distro: | 8 | |
9 | The path to it depends on your distro: | ||
8 | 10 | ||
9 | | Distro | Path | | 11 | | Distro | Path | |
10 | | ------ | ---- | | 12 | | ------ | ---- | |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 76d3e709b..9c7dad2dc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -1,6 +1,7 @@ | |||
1 | Welcome to firejail, and thank you for your interest in contributing! | 1 | Welcome to firejail, and thank you for your interest in contributing! |
2 | 2 | ||
3 | # Opening an issue: | 3 | # Opening an issue: |
4 | |||
4 | We welcome issues, whether to ask a question, provide information, request a new profile or | 5 | We welcome issues, whether to ask a question, provide information, request a new profile or |
5 | feature, or to report a suspected bug or problem. | 6 | feature, or to report a suspected bug or problem. |
6 | 7 | ||
@@ -9,6 +10,7 @@ our [dedicated issue](https://github.com/netblue30/firejail/issues/1139). | |||
9 | 10 | ||
10 | When submitting a bug report, please provide the following information so that | 11 | When submitting a bug report, please provide the following information so that |
11 | we can handle the report more easily: | 12 | we can handle the report more easily: |
13 | |||
12 | - firejail version. If you're not sure, open a terminal and type `firejail --version`. | 14 | - firejail version. If you're not sure, open a terminal and type `firejail --version`. |
13 | - Linux distribution (so that we can try to reproduce it, if necessary). | 15 | - Linux distribution (so that we can try to reproduce it, if necessary). |
14 | - If you know that the problem did not exist in an earlier version of firejail, please mention it. | 16 | - If you know that the problem did not exist in an earlier version of firejail, please mention it. |
@@ -28,6 +30,7 @@ We take security bugs very seriously. If you believe you have found one, please | |||
28 | emailing us at netblue30@protonmail.com | 30 | emailing us at netblue30@protonmail.com |
29 | 31 | ||
30 | # Opening an pull request: | 32 | # Opening an pull request: |
33 | |||
31 | Pull requests with enhancements, bugfixes or new profiles are very welcome. | 34 | Pull requests with enhancements, bugfixes or new profiles are very welcome. |
32 | 35 | ||
33 | If you want to write a new profile, the easiest way to do this is to use the | 36 | If you want to write a new profile, the easiest way to do this is to use the |
@@ -1,4 +1,5 @@ | |||
1 | # Firejail | 1 | # Firejail |
2 | |||
2 | [![Build Status](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines/) | 3 | [![Build Status](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines/) |
3 | [![CodeQL](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) | 4 | [![CodeQL](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) |
4 | [![Build CI](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22) | 5 | [![Build CI](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22) |
@@ -114,12 +115,15 @@ $ git clone https://github.com/netblue30/firejail.git | |||
114 | $ cd firejail | 115 | $ cd firejail |
115 | $ ./configure && make && sudo make install-strip | 116 | $ ./configure && make && sudo make install-strip |
116 | ````` | 117 | ````` |
118 | |||
117 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
118 | development libraries and pkg-config are required when using `--enable-apparmor` | 120 | development libraries and pkg-config are required when using `--enable-apparmor` |
119 | ./configure option: | 121 | ./configure option: |
122 | |||
120 | ````` | 123 | ````` |
121 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 124 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
122 | ````` | 125 | ````` |
126 | |||
123 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). | 127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). |
124 | 128 | ||
125 | Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). | 129 | Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). |
@@ -134,7 +138,9 @@ $ firejail transmission-gtk # starting Transmission BitTorrent | |||
134 | $ firejail vlc # starting VideoLAN Client | 138 | $ firejail vlc # starting VideoLAN Client |
135 | $ sudo firejail /etc/init.d/nginx start | 139 | $ sudo firejail /etc/init.d/nginx start |
136 | ````` | 140 | ````` |
141 | |||
137 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
143 | |||
138 | ````` | 144 | ````` |
139 | $ firejail --list | 145 | $ firejail --list |
140 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
@@ -147,6 +153,7 @@ $ firejail --list | |||
147 | ## Desktop integration | 153 | ## Desktop integration |
148 | 154 | ||
149 | Integrate your sandbox into your desktop by running the following two commands: | 155 | Integrate your sandbox into your desktop by running the following two commands: |
156 | |||
150 | ````` | 157 | ````` |
151 | $ firecfg --fix-sound | 158 | $ firecfg --fix-sound |
152 | $ sudo firecfg | 159 | $ sudo firecfg |
@@ -169,7 +176,6 @@ You can find the profiles for all supported applications in [/etc/firejail](http | |||
169 | If you keep additional Firejail security profiles in a public repository, please give us a link: | 176 | If you keep additional Firejail security profiles in a public repository, please give us a link: |
170 | 177 | ||
171 | * https://github.com/chiraag-nataraj/firejail-profiles | 178 | * https://github.com/chiraag-nataraj/firejail-profiles |
172 | |||
173 | * https://github.com/triceratops1/fe | 179 | * https://github.com/triceratops1/fe |
174 | 180 | ||
175 | Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) | 181 | Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) |
@@ -183,6 +189,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
183 | ## Current development version: 0.9.73 | 189 | ## Current development version: 0.9.73 |
184 | 190 | ||
185 | ### --keep-shell-rc | 191 | ### --keep-shell-rc |
192 | |||
186 | ````` | 193 | ````` |
187 | --keep-shell-rc | 194 | --keep-shell-rc |
188 | By default, when using a private home directory, firejail copies | 195 | By default, when using a private home directory, firejail copies |
@@ -190,10 +197,10 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
190 | which overrides attempts to whitelist the original files (such | 197 | which overrides attempts to whitelist the original files (such |
191 | as ~/.bashrc and ~/.zshrc). This option disables this feature, | 198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, |
192 | and enables the user to whitelist the original files. | 199 | and enables the user to whitelist the original files. |
193 | |||
194 | ````` | 200 | ````` |
195 | 201 | ||
196 | ### private-etc rework | 202 | ### private-etc rework |
203 | |||
197 | ````` | 204 | ````` |
198 | --private-etc, --private-etc=file,directory,@group | 205 | --private-etc, --private-etc=file,directory,@group |
199 | The files installed by --private-etc are copies of the original | 206 | The files installed by --private-etc are copies of the original |
@@ -226,6 +233,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
226 | 233 | ||
227 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | 234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc |
228 | ````` | 235 | ````` |
236 | |||
229 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | 237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) |
230 | Discussion: https://github.com/netblue30/firejail/discussions/5610 | 238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 |
231 | 239 | ||
@@ -233,6 +241,7 @@ Discussion: https://github.com/netblue30/firejail/discussions/5610 | |||
233 | 241 | ||
234 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
235 | Run it over the profiles in /etc/profiles: | 243 | Run it over the profiles in /etc/profiles: |
244 | |||
236 | ``` | 245 | ``` |
237 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile | 246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
238 | No include .local found in /etc/firejail/noprofile.profile | 247 | No include .local found in /etc/firejail/noprofile.profile |