-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 84 | ||||
-rw-r--r-- | etc/profile-a-l/Books.profile | 5 |
3 files changed, 39 insertions, 52 deletions
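--- a/README
+++ b/README
@@ -310,6 +310,8 @@ DiGitHubCap (https://github.com/DiGitHubCap)
 - fix qt5ct colour schemes and QSS
 Disconnect3d (https://github.com/disconnect3d)
 - code cleanup
+dm9pZCAq (https://github.com/dm9pZCAq)
+- fix for compilation under musl
 dmfreemon (https://github.com/dmfreemon)
 - add sandbox name or name of private directory to the window title when xpra is used
 - handle malloc() failures; use gnu_basename() instead of basenaem()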
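--- a/README.md
+++ b/README.md
@@ -22,43 +22,23 @@ implemented directly in Linux kernel and available on any Linux computer.
 <table><tr>
 
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=8jfXL0ePV7U
-" target="_blank"><img src="http://img.youtube.com/vi/8jfXL0ePV7U/0.jpg"
-alt="Firejail Introduction" width="240" height="180" border="10" /><br/>Firejail Intro</a>
+<a href="https://www.brighteon.com/1928415c-2bce-40b2-a81f-7861a3734913" target="_blank">
+<img src="https://www.brighteon.com/thumbnail/1928415c-2bce-40b2-a81f-7861a3734913"
+alt="Introduction" width="240" height="180" border="10" /><br/>Introduction</a>
 </td>
 
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=J1ZsXrpAgBU
-" target="_blank"><img src="http://img.youtube.com/vi/J1ZsXrpAgBU/0.jpg"
-alt="Firejail Demo" width="240" height="180" border="10" /><br/>Firejail Demo</a>
+<a href="https://www.brighteon.com/c20c32ac-1953-438f-8640-a414dcb318d6" target="_blank">
+<img src="https://www.brighteon.com/thumbnail/c20c32ac-1953-438f-8640-a414dcb318d6"
+alt="Technology" width="240" height="180" border="10" /><br/>Technology</a>
 </td>
 
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=EyEz65RYfw4
-" target="_blank"><img src="http://img.youtube.com/vi/EyEz65RYfw4/0.jpg"
-alt="Debian Install" width="240" height="180" border="10" /><br/>Debian Install</a>
+<a href="https://www.brighteon.com/94ae1731-2352-4cda-bb48-7cc7a6ad32f8" target="_blank">
+<img src="https://www.brighteon.com/thumbnail/94ae1731-2352-4cda-bb48-7cc7a6ad32f8"
+alt="Deep Dive" width="240" height="180" border="10" /><br/>Deep Dive</a>
 </td>
 
-
-</tr><tr>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=Uy2ZTHc4s0w
-" target="_blank"><img src="http://img.youtube.com/vi/Uy2ZTHc4s0w/0.jpg"
-alt="Arch Linux Install" width="240" height="180" border="10" /><br/>Arch Linux Install</a>
-
-</td>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=xuMxRx0zSfQ
-" target="_blank"><img src="http://img.youtube.com/vi/xuMxRx0zSfQ/0.jpg"
-alt="Disable Network Access" width="240" height="180" border="10" /><br/>Disable Network Access</a>
-
-</td>
-<td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=N-Mso2bSr3o
-" target="_blank"><img src="http://img.youtube.com/vi/N-Mso2bSr3o/0.jpg"
-alt="Firejail Security Deep Dive" width="240" height="180" border="10" /><br/>Firejail Security Deep Dive</a>
-
-</td>
 </tr></table>
 
 Project webpage: https://firejail.wordpress.com/
@@ -239,30 +219,30 @@ A small tool to print profile statistics. Compile as usual and run in /etc/profi
 $ sudo cp src/profstats/profstats /etc/firejail/.
 $ cd /etc/firejail
 $ ./profstats *.profile
-profiles 1150
-include local profile 1150 (include profile-name.local)
-include globals 1120 (include globals.local)
-blacklist ~/.ssh 1026 (include disable-common.inc)
-seccomp 1050
-capabilities 1146
-noexec 1030 (include disable-exec.inc)
-noroot 959
-memory-deny-write-execute 253
-apparmor 681
-private-bin 667
-private-dev 1009
-private-etc 523
-private-tmp 883
-whitelist home directory 547
-whitelist var 818 (include whitelist-var-common.inc)
-whitelist run/user 616 (include whitelist-runuser-common.inc
+profiles 1167
+include local profile 1167 (include profile-name.local)
+include globals 1136 (include globals.local)
+blacklist ~/.ssh 1042 (include disable-common.inc)
+seccomp 1062
+capabilities 1163
+noexec 1049 (include disable-exec.inc)
+noroot 971
+memory-deny-write-execute 256
+apparmor 693
+private-bin 677
+private-dev 1027
+private-etc 532
+private-tmp 897
+whitelist home directory 557
+whitelist var 836 (include whitelist-var-common.inc)
+whitelist run/user 1137 (include whitelist-runuser-common.inc
 or blacklist ${RUNUSER})
-whitelist usr/share 591 (include whitelist-usr-share-common.inc
-net none 391
-dbus-user none 641
-dbus-user filter 105
-dbus-system none 792
-dbus-system filter 7
+whitelist usr/share 609 (include whitelist-usr-share-common.inc
+net none 396
+dbus-user none 656
+dbus-user filter 108
+dbus-system none 808
+dbus-system filter 10
 ```
 
 ### New profiles: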
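--- a/etc/profile-a-l/Books.profile
+++ b/etc/profile-a-l/Books.profile
@@ -1,5 +1,10 @@
 # Firejail profile for gnome-books
 # This file is overwritten after every install/update
+# Persistent local customizations
+include Books.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
 
 
 # Temporary fix for https://github.com/netblue30/firejail/issues/2624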
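Review bot: The comment `# added by included profile` above the commented-out `#include globals.local` does not name the profile that is expected to supply the global definitions, and the include that would do so lies outside this hunk, so the claim cannot be checked from the lines shown. This file appears to be a temporary redirect (see the issue 2624 comment), so a later change to the redirect target could leave `globals.local` unapplied without any visible error, and site-wide restrictions kept there would no longer reach this sandbox. Consider naming the source in the comment, for example `# added by included profile (<redirect-target>.profile)`, where the placeholder stands for the profile this file includes.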