-rw-r--r-- | .github/pull_request_template.md | 2 | ||||
-rw-r--r-- | CONTRIBUTING.md | 15 | ||||
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | README.md | 50 |
4 files changed, 38 insertions, 33 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ecc5be304..4a7998e87 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md | |||
@@ -7,7 +7,7 @@ following: | |||
7 | - The ordering of options follow the rules described in | 7 | - The ordering of options follow the rules described in |
8 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) | 8 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) |
9 | (/usr/share/doc/firejail/profile.template when installed). | 9 | (/usr/share/doc/firejail/profile.template when installed). |
10 | - Order the arguments of options alphabetically. You can easily do this with | 10 | - Order the arguments of options alphabetically. You can easily do this with |
11 | [sort.py](../blob/master/contrib/sort.py). | 11 | [sort.py](../blob/master/contrib/sort.py). |
12 | 12 | ||
13 | The path to it depends on your distro: | 13 | The path to it depends on your distro: |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ebc4d3a20..1ae293264 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -15,17 +15,18 @@ a comment in our dedicated issue: | |||
15 | When submitting a bug report, please provide the following information so that | 15 | When submitting a bug report, please provide the following information so that |
16 | we can handle the report more easily: | 16 | we can handle the report more easily: |
17 | 17 | ||
18 | - firejail version. If you're not sure, open a terminal and type `firejail --version`. | 18 | - firejail version. If you're not sure, open a terminal and type `firejail |
19 | --version`. | ||
19 | - Linux distribution (so that we can try to reproduce it, if necessary). | 20 | - Linux distribution (so that we can try to reproduce it, if necessary). |
20 | - If you know that the problem did not exist in an earlier version of firejail, please mention it. | 21 | - If you know that the problem did not exist in an earlier version of firejail, |
21 | - If you are reporting that a program does not work with firejail, please also run firejail with | 22 | please mention it. |
22 | the `--noprofile` argument. | 23 | - If you are reporting that a program does not work with firejail, please also |
23 | For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and | 24 | run firejail with the `--noprofile` argument. For example, if `firejail |
25 | firefox` does not work, please also run `firejail --noprofile firefox` and | ||
24 | let us know if it runs correctly or not. | 26 | let us know if it runs correctly or not. |
25 | - You may also try disabling various options provided in | 27 | - You may also try disabling various options provided in |
26 | `/etc/firejail/<ProgramName.profile>` until you find out which one causes | 28 | `/etc/firejail/<ProgramName.profile>` until you find out which one causes |
27 | problems. | 29 | problems. It will significantly help in finding a solution for your issue. |
28 | It will significantly help in finding a solution for your issue. | ||
29 | 30 | ||
30 | Please note: If you are running Debian, Ubuntu, Linux Mint, or another related | 31 | Please note: If you are running Debian, Ubuntu, Linux Mint, or another related |
31 | distribution and you installed firejail from your distro's repositories, please | 32 | distribution and you installed firejail from your distro's repositories, please |
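Review bot: The rewrap splits two inline code spans across lines on the new side: `firejail` / `--version` (new lines 18-19) and `firejail` / `firefox` (new lines 24-25). Markdown renders a line break inside a code span as a space, so the rendered page is unchanged, but in the raw file neither command appears whole on one line any more, which makes them harder to grep for and to copy from a plain-text view. Suggest breaking before the opening backtick so each command stays intact, even if the preceding line ends up short of the wrap column.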
@@ -8,7 +8,7 @@ Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, | |||
8 | FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. | 8 | FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. |
9 | 9 | ||
10 | Firejail also expands the restricted shell facility found in bash by adding | 10 | Firejail also expands the restricted shell facility found in bash by adding |
11 | Linux namespace support. It supports sandboxing specific users upon login. | 11 | Linux namespace support. It supports sandboxing specific users upon login. |
12 | 12 | ||
13 | Download: https://sourceforge.net/projects/firejail/files/ | 13 | Download: https://sourceforge.net/projects/firejail/files/ |
14 | Build and install: ./configure && make && sudo make install | 14 | Build and install: ./configure && make && sudo make install |
@@ -28,7 +28,7 @@ Compile and install the mainline version from GitHub: | |||
28 | cd firejail | 28 | cd firejail |
29 | ./configure && make && sudo make install-strip | 29 | ./configure && make && sudo make install-strip |
30 | 30 | ||
31 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development | 31 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
32 | libraries and pkg-config are required when using the --enable-apparmor | 32 | libraries and pkg-config are required when using the --enable-apparmor |
33 | ./configure option: | 33 | ./configure option: |
34 | 34 | ||
@@ -5,20 +5,24 @@ | |||
5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) | 5 | [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) |
6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) | 6 | [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) |
7 | 7 | ||
8 | Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting | 8 | Firejail is a SUID sandbox program that reduces the risk of security breaches |
9 | the running environment of untrusted applications using Linux namespaces, seccomp-bpf | 9 | by restricting the running environment of untrusted applications using Linux |
10 | and Linux capabilities. It allows a process and all its descendants to have their own private | 10 | namespaces, seccomp-bpf and Linux capabilities. It allows a process and all |
11 | view of the globally shared kernel resources, such as the network stack, process table, mount table. | 11 | its descendants to have their own private view of the globally shared kernel |
12 | Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. | 12 | resources, such as the network stack, process table, mount table. Firejail can |
13 | 13 | work in a SELinux or AppArmor environment, and it is integrated with Linux | |
14 | Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel | 14 | Control Groups. |
15 | version or newer. It can sandbox any type of processes: servers, graphical applications, and even | 15 | |
16 | user login sessions. The software includes sandbox profiles for a number of more common Linux programs, | 16 | Written in C with virtually no dependencies, the software runs on any Linux |
17 | computer with a 3.x kernel version or newer. It can sandbox any type of | ||
18 | processes: servers, graphical applications, and even user login sessions. The | ||
19 | software includes sandbox profiles for a number of more common Linux programs, | ||
17 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. | 20 | such as Mozilla Firefox, Chromium, VLC, Transmission etc. |
18 | 21 | ||
19 | The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, | 22 | The sandbox is lightweight, the overhead is low. There are no complicated |
20 | no socket connections open, no daemons running in the background. All security features are | 23 | configuration files to edit, no socket connections open, no daemons running in |
21 | implemented directly in Linux kernel and available on any Linux computer. | 24 | the background. All security features are implemented directly in Linux kernel |
25 | and available on any Linux computer. | ||
22 | 26 | ||
23 | ## Videos | 27 | ## Videos |
24 | 28 | ||
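Review bot: Since new lines 23-25 are rewritten anyway, "implemented directly in Linux kernel" is missing an article and could read "implemented directly in the Linux kernel"; the list "network stack, process table, mount table" on new line 12 also lacks a closing "and". If this commit is meant to be reflow-only, it is reasonable to leave the wording alone here, but then state that in the commit message so the paragraph changes can be checked with a word-level diff, and fix the wording in a follow-up.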
@@ -103,7 +107,7 @@ See also <https://wiki.ubuntu.com/SecurityTeam/FAQ>: | |||
103 | > What software is supported by the Ubuntu Security team? | 107 | > What software is supported by the Ubuntu Security team? |
104 | > | 108 | > |
105 | > Ubuntu is currently divided into four components: main, restricted, universe | 109 | > Ubuntu is currently divided into four components: main, restricted, universe |
106 | > and multiverse. All binary packages in main and restricted are supported by | 110 | > and multiverse. All binary packages in main and restricted are supported by |
107 | > the Ubuntu Security team for the life of an Ubuntu release, while binary | 111 | > the Ubuntu Security team for the life of an Ubuntu release, while binary |
108 | > packages in universe and multiverse are supported by the Ubuntu community. | 112 | > packages in universe and multiverse are supported by the Ubuntu community. |
109 | 113 | ||
@@ -147,7 +151,7 @@ cd firejail | |||
147 | ./configure && make && sudo make install-strip | 151 | ./configure && make && sudo make install-strip |
148 | ``` | 152 | ``` |
149 | 153 | ||
150 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development | 154 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
151 | libraries and pkg-config are required when using the `--enable-apparmor` | 155 | libraries and pkg-config are required when using the `--enable-apparmor` |
152 | ./configure option: | 156 | ./configure option: |
153 | 157 | ||
@@ -171,7 +175,7 @@ firejail vlc # starting VideoLAN Client | |||
171 | sudo firejail /etc/init.d/nginx start | 175 | sudo firejail /etc/init.d/nginx start |
172 | ``` | 176 | ``` |
173 | 177 | ||
174 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 178 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
175 | 179 | ||
176 | ```console | 180 | ```console |
177 | $ firejail --list | 181 | $ firejail --list |
@@ -191,16 +195,16 @@ firecfg --fix-sound | |||
191 | sudo firecfg | 195 | sudo firecfg |
192 | ``` | 196 | ``` |
193 | 197 | ||
194 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 198 | The first command solves some shared memory/PID namespace bugs in PulseAudio |
195 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 199 | software prior to version 9. The second command integrates Firejail into your |
196 | PulseAudio changes. | 200 | desktop. You would need to logout and login back to apply PulseAudio changes. |
197 | 201 | ||
198 | Start your programs the way you are used to: desktop manager menus, file | 202 | Start your programs the way you are used to: desktop manager menus, file |
199 | manager, desktop launchers. | 203 | manager, desktop launchers. |
200 | 204 | ||
201 | The integration applies to any program supported by default by Firejail. | 205 | The integration applies to any program supported by default by Firejail. There |
202 | There are over 900 default applications in the current Firejail version, and | 206 | are over 900 default applications in the current Firejail version, and the |
203 | the number goes up with every new release. | 207 | number goes up with every new release. |
204 | 208 | ||
205 | We keep the application list in | 209 | We keep the application list in |
206 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) | 210 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) |
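Review bot: On new line 200 the reflow carries over "You would need to logout and login back to apply PulseAudio changes"; "logout" and "login" are the noun forms, and the instruction should read "log out and log back in". The sentence also now follows directly after the description of the second command while referring to the PulseAudio changes made by the first, so consider moving it next to the first sentence, for example "The first command solves ... prior to version 9; log out and log back in to apply the PulseAudio changes."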
@@ -290,8 +294,8 @@ Discussion: | |||
290 | 294 | ||
291 | ### Profile Statistics | 295 | ### Profile Statistics |
292 | 296 | ||
293 | A small tool to print profile statistics. Compile and install as usual. | 297 | A small tool to print profile statistics. Compile and install as usual. The |
294 | The tool is installed in the /usr/lib/firejail directory. | 298 | tool is installed in the /usr/lib/firejail directory. |
295 | 299 | ||
296 | Run it over the profiles in /etc/profiles: | 300 | Run it over the profiles in /etc/profiles: |
297 | 301 | ||
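Review bot: The paths on new line 298 (/usr/lib/firejail) and in the following context line (/etc/profiles) are plain text, while CONTRIBUTING.md in this same patch writes `/etc/firejail/<ProgramName.profile>` as inline code. Since the paragraph is being rewrapped, put both paths in backticks for consistency, and check that the rewrap then keeps each path on a single line.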