-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 3 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | src/man/firecfg.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 16 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 |
7 files changed, 20 insertions, 10 deletions
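--- a/Makefile.in
+++ b/Makefile.in
@@ -116,6 +116,7 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes)
 install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/.
 install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/.
 install -c -m 0755 contrib/sort.py $(DESTDIR)/$(libdir)/firejail/.
+install -c -m 0755 contrib/syscalls.sh $(DESTDIR)/$(libdir)/firejail/.
 endif
 # documents
 install -m 0755 -d $(DESTDIR)/$(DOCDIR)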
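--- a/README.md
+++ b/README.md
@@ -35,6 +35,8 @@ Wiki: https://github.com/netblue30/firejail/wiki
 
 Travis-CI status: https://travis-ci.org/netblue30/firejail
 
+GitLab-CI status: https://gitlab.com/Firejail/firejail_ci/pipelines/
+
 
 ## Security vulnerabilities
 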
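--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -284,8 +284,7 @@ read-only ${HOME}/bin
 read-only ${HOME}/.bin
 read-only ${HOME}/.local/bin
 read-only ${HOME}/.cargo/bin
-blacklist ${HOME}/.cargo/registry
-blacklist ${HOME}/.cargo/config
+read-only ${HOME}/.cargo/env
 
 # Write-protection for desktop entries
 read-only ${HOME}/.config/menus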
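Review bot: Moving the two `~/.cargo` blacklist lines out of this file leaves `${HOME}/.cargo/config` with no protection in any profile that includes disable-common.inc but not disable-programs.inc; the only replacement added here covers `${HOME}/.cargo/env`. Cargo's config file can name programs that cargo runs during a build, so a sandboxed process able to write it can influence a later unsandboxed `cargo` run, which is the same persistence concern the neighbouring `read-only ${HOME}/.cargo/bin` line addresses. I would keep write protection in this file by adding `read-only ${HOME}/.cargo/config` next to the new `read-only ${HOME}/.cargo/env` line, and confirm that it coexists with the `blacklist` of the same path now in etc/disable-programs.inc. A comment such as `# cargo config/env are read by later cargo and shell runs; keep them read-only` would record why these entries belong in the common file.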
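--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -52,6 +52,8 @@ blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.bitcoin
 blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
+blacklist ${HOME}/.cargo/registry
+blacklist ${HOME}/.cargo/config
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
 blacklist ${HOME}/.clonk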
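Review bot: The two added entries blacklist `${HOME}/.cargo/registry` and `${HOME}/.cargo/config`, but the hunk shows no entry for cargo's credentials file, where `cargo login` stores registry tokens and which is the most sensitive of the three. The list continues outside the hunk, so if that file is not already covered elsewhere, add `blacklist ${HOME}/.cargo/credentials` (named `credentials.toml` in newer cargo releases). The neighbouring entries appear to be kept in alphabetical order, so `.cargo/config` would go before `.cargo/registry`.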
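--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -42,7 +42,7 @@ The following actions are implemented by default by running sudo firecfg:
 .br
 
 .br
--fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
+- fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
 .RE
 
 .SH OPTIONS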
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 74f99b538..3db8c782d 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -75,7 +75,13 @@ Child process initialized | |||
75 | .RE | 75 | .RE |
76 | 76 | ||
77 | .SH Templates | 77 | .SH Templates |
78 | Templates for writing own profiles can be found in /usr/share/doc/firejail. | 78 | In /usr/share/doc/firejail there are two templates to write new profiles. |
79 | .RS | ||
80 | profile.template - for regular profiles | ||
81 | .br | ||
82 | redirect_alias-profile.template - for aliasing/redirecting profiles | ||
83 | .RE | ||
84 | |||
79 | 85 | ||
80 | .SH Scripting | 86 | .SH Scripting |
81 | Scripting commands: | 87 | Scripting commands: |
@@ -144,7 +150,7 @@ Ignore command. | |||
144 | 150 | ||
145 | Example: "ignore seccomp" | 151 | Example: "ignore seccomp" |
146 | .br | 152 | .br |
147 | Example: "ignore net ehh0" | 153 | Example: "ignore net eth0" |
148 | 154 | ||
149 | .TP | 155 | .TP |
150 | \fBquiet | 156 | \fBquiet |
@@ -154,10 +160,10 @@ Example: "quiet" | |||
154 | 160 | ||
155 | .SH Filesystem | 161 | .SH Filesystem |
156 | These profile entries define a chroot filesystem built on top of the existing | 162 | These profile entries define a chroot filesystem built on top of the existing |
157 | host filesystem. Each line describes a file element that is removed from | 163 | host filesystem. Each line describes a file/directory that is inaccessible |
158 | the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), | 164 | (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR), |
159 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), | 165 | a tmpfs mounted on top of an existing directory (\fBtmpfs\fR), |
160 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). | 166 | or mount-bind a directory or file on top of another directory or file (\fBbind\fR). |
161 | Use \fBprivate\fR to set private mode. | 167 | Use \fBprivate\fR to set private mode. |
162 | File globbing is supported, and PATH and HOME directories are searched. | 168 | File globbing is supported, and PATH and HOME directories are searched. |
163 | Examples: | 169 | Examples: |
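--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -71,10 +71,10 @@ If an appropriate profile is not found, Firejail will use a default profile.
 The default profile is quite restrictive. In case the application doesn't work, use --noprofile option
 to disable it. For more information, please see \fBSECURITY PROFILES\fR section below.
 .PP
-If a program argument is not specified, Firejail starts /bin/bash shell.
+If a program argument is not specified, Firejail starts the default shell from the current user.
 Examples:
 .PP
-$ firejail [OPTIONS] # starting a /bin/bash shell
+$ firejail [OPTIONS] # starting the user default shell (normally /bin/bash)
 .PP
 $ firejail [OPTIONS] firefox # starting Mozilla Firefox
 .PP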