-rw-r--r-- | README | 10 | ||||
-rw-r--r-- | README.md | 50 |
2 files changed, 30 insertions, 30 deletions
@@ -23,21 +23,21 @@ Please report all security vulnerabilities to: | |||
23 | 23 | ||
24 | Compile and install mainline version from GitHub: | 24 | Compile and install mainline version from GitHub: |
25 | 25 | ||
26 | $ git clone https://github.com/netblue30/firejail.git | 26 | git clone https://github.com/netblue30/firejail.git |
27 | $ cd firejail | 27 | cd firejail |
28 | $ ./configure && make && sudo make install-strip | 28 | ./configure && make && sudo make install-strip |
29 | 29 | ||
30 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 30 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
31 | development libraries and pkg-config are required when using --enable-apparmor | 31 | development libraries and pkg-config are required when using --enable-apparmor |
32 | ./configure option: | 32 | ./configure option: |
33 | 33 | ||
34 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 34 | sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
35 | 35 | ||
36 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). | 36 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). |
37 | 37 | ||
38 | We build our release firejail.tar.xz and firejail.deb packages using the following command: | 38 | We build our release firejail.tar.xz and firejail.deb packages using the following command: |
39 | $ make distclean && ./configure && make deb | ||
40 | 39 | ||
40 | make distclean && ./configure && make deb | ||
41 | 41 | ||
42 | Maintainer: | 42 | Maintainer: |
43 | - netblue30 (netblue30@protonmail.com) | 43 | - netblue30 (netblue30@protonmail.com) |
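Review bot: At line 36 the context line still reads "For --selinux option", while line 31 spells the AppArmor switch in full as `--enable-apparmor`. Since this commit is already tidying these install instructions, write the SELinux switch exactly as it is passed to `./configure`, so a reader can copy it the same way as the commands on lines 26-28.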
@@ -110,19 +110,19 @@ Firejail is included in a large number of Linux distributions. | |||
110 | 110 | ||
111 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail's source code from our Git repository and compile manually: | 111 | You can also install one of the [released packages](http://sourceforge.net/projects/firejail/files/firejail), or clone Firejail's source code from our Git repository and compile manually: |
112 | 112 | ||
113 | ````` | 113 | ```sh |
114 | $ git clone https://github.com/netblue30/firejail.git | 114 | git clone https://github.com/netblue30/firejail.git |
115 | $ cd firejail | 115 | cd firejail |
116 | $ ./configure && make && sudo make install-strip | 116 | ./configure && make && sudo make install-strip |
117 | ````` | 117 | ``` |
118 | 118 | ||
119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
120 | development libraries and pkg-config are required when using `--enable-apparmor` | 120 | development libraries and pkg-config are required when using `--enable-apparmor` |
121 | ./configure option: | 121 | ./configure option: |
122 | 122 | ||
123 | ````` | 123 | ```sh |
124 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 124 | sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
125 | ````` | 125 | ``` |
126 | 126 | ||
127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). | 127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). |
128 | 128 | ||
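Review bot: On line 124 the package list includes `gawk`, but the sentence on lines 119-121 only accounts for git, the gcc compiler, the AppArmor development libraries and pkg-config. Now that the line is a bare, copy-pasteable `sudo apt-get install`, add a few words saying what needs gawk so that readers know why they are installing it with root privileges.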
@@ -132,32 +132,32 @@ Detailed information on using firejail from git is available on the [wiki](https | |||
132 | 132 | ||
133 | To start the sandbox, prefix your command with `firejail`: | 133 | To start the sandbox, prefix your command with `firejail`: |
134 | 134 | ||
135 | ````` | 135 | ```sh |
136 | $ firejail firefox # starting Mozilla Firefox | 136 | firejail firefox # starting Mozilla Firefox |
137 | $ firejail transmission-gtk # starting Transmission BitTorrent | 137 | firejail transmission-gtk # starting Transmission BitTorrent |
138 | $ firejail vlc # starting VideoLAN Client | 138 | firejail vlc # starting VideoLAN Client |
139 | $ sudo firejail /etc/init.d/nginx start | 139 | sudo firejail /etc/init.d/nginx start |
140 | ````` | 140 | ``` |
141 | 141 | ||
142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
143 | 143 | ||
144 | ````` | 144 | ```console |
145 | $ firejail --list | 145 | $ firejail --list |
146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
147 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt | 147 | 7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt |
148 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator | 148 | 7779:netblue:/usr/bin/firejail /usr/bin/galculator |
149 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 | 149 | 7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 |
150 | 7916:netblue:firejail --list | 150 | 7916:netblue:firejail --list |
151 | ````` | 151 | ``` |
152 | 152 | ||
153 | ## Desktop integration | 153 | ## Desktop integration |
154 | 154 | ||
155 | Integrate your sandbox into your desktop by running the following two commands: | 155 | Integrate your sandbox into your desktop by running the following two commands: |
156 | 156 | ||
157 | ````` | 157 | ```sh |
158 | $ firecfg --fix-sound | 158 | firecfg --fix-sound |
159 | $ sudo firecfg | 159 | sudo firecfg |
160 | ````` | 160 | ``` |
161 | 161 | ||
162 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. | 162 | The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. |
163 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply | 163 | The second command integrates Firejail into your desktop. You would need to logout and login back to apply |
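Review bot: Lines 136-139 and 158-159 drop the `$ ` prompt under an `sh` fence, while line 145 keeps `$ firejail --list` under a `console` fence. The split is sensible (commands only versus command plus output), but nothing visible here records it. State the rule in the commit message or the contributor notes so later README edits follow the same convention. While touching this block, line 163 "logout and login back" would read better as "log out and log back in".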
@@ -190,18 +190,18 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
190 | 190 | ||
191 | ### --keep-shell-rc | 191 | ### --keep-shell-rc |
192 | 192 | ||
193 | ````` | 193 | ```text |
194 | --keep-shell-rc | 194 | --keep-shell-rc |
195 | By default, when using a private home directory, firejail copies | 195 | By default, when using a private home directory, firejail copies |
196 | files from the system's user home template (/etc/skel) into it, | 196 | files from the system's user home template (/etc/skel) into it, |
197 | which overrides attempts to whitelist the original files (such | 197 | which overrides attempts to whitelist the original files (such |
198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, | 198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, |
199 | and enables the user to whitelist the original files. | 199 | and enables the user to whitelist the original files. |
200 | ````` | 200 | ``` |
201 | 201 | ||
202 | ### private-etc rework | 202 | ### private-etc rework |
203 | 203 | ||
204 | ````` | 204 | ```text |
205 | --private-etc, --private-etc=file,directory,@group | 205 | --private-etc, --private-etc=file,directory,@group |
206 | The files installed by --private-etc are copies of the original | 206 | The files installed by --private-etc are copies of the original |
207 | system files from /etc directory. By default, the command | 207 | system files from /etc directory. By default, the command |
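Review bot: The heading on line 202 is "### private-etc rework" while the sibling heading on line 191 is "### --keep-shell-rc" and the option text on line 205 uses `--private-etc`. Consider writing the heading with the leading dashes as well, so both sections are found by a search for the option name.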
@@ -232,7 +232,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
232 | by your program is using strace utility: | 232 | by your program is using strace utility: |
233 | 233 | ||
234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | 234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc |
235 | ````` | 235 | ``` |
236 | 236 | ||
237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | 237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) |
238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 | 238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 |
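Review bot: Line 237 ends at the closing parenthesis of the etc_groups.h link with no punctuation, and line 238 starts "Discussion:" directly below it with no blank line, so Markdown renders the two as one running paragraph. Add a period after the link and a blank line (or a trailing line break) before "Discussion:" while the surrounding fence on line 235 is being changed.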
@@ -242,7 +242,7 @@ Discussion: https://github.com/netblue30/firejail/discussions/5610 | |||
242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
243 | Run it over the profiles in /etc/profiles: | 243 | Run it over the profiles in /etc/profiles: |
244 | 244 | ||
245 | ``` | 245 | ```console |
246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile | 246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
247 | No include .local found in /etc/firejail/noprofile.profile | 247 | No include .local found in /etc/firejail/noprofile.profile |
248 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile | 248 | Warning: multiple caps in /etc/firejail/transmission-daemon.profile |
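Review bot: Line 243 says to run the tool "over the profiles in /etc/profiles", but the command on line 246 reads `/etc/firejail/*.profile` and the output on lines 247-248 also names /etc/firejail. Correct the path in the sentence to match the command, since the fence on line 245 is being edited right next to it.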