diff options
-rw-r--r-- | etc/dnscrypt-proxy.profile | 3 | ||||
-rw-r--r-- | etc/dnsmasq.profile | 3 | ||||
-rw-r--r-- | etc/unbound.profile | 3 | ||||
-rw-r--r-- | etc/wireshark.profile | 7 | ||||
-rw-r--r-- | etc/xplayer.profile | 2 | ||||
-rw-r--r-- | etc/xreader.profile | 2 | ||||
-rw-r--r-- | src/man/firecfg.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-login.txt | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 6 |
10 files changed, 16 insertions, 16 deletions
diff --git a/etc/dnscrypt-proxy.profile b/etc/dnscrypt-proxy.profile index 6d4f6349a..458de81e2 100644 --- a/etc/dnscrypt-proxy.profile +++ b/etc/dnscrypt-proxy.profile | |||
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps | 18 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
19 | # caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot | ||
20 | no3d | 19 | no3d |
21 | nodvd | 20 | nodvd |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile index 2a1302adb..e6086d1b2 100644 --- a/etc/dnsmasq.profile +++ b/etc/dnsmasq.profile | |||
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps | 18 | caps.keep net_admin,net_bind_service,net_raw,setgid,setuid |
19 | # caps.keep net_admin,net_bind_service,net_raw,setgid,setuid | ||
20 | no3d | 19 | no3d |
21 | nodvd | 20 | nodvd |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/unbound.profile b/etc/unbound.profile index d380b5698..c03a25752 100644 --- a/etc/unbound.profile +++ b/etc/unbound.profile | |||
@@ -15,8 +15,7 @@ include /etc/firejail/disable-devel.inc | |||
15 | include /etc/firejail/disable-passwdmgr.inc | 15 | include /etc/firejail/disable-passwdmgr.inc |
16 | include /etc/firejail/disable-programs.inc | 16 | include /etc/firejail/disable-programs.inc |
17 | 17 | ||
18 | caps | 18 | caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource |
19 | # caps.keep net_bind_service,setgid,setuid,sys_chroot,sys_resource | ||
20 | no3d | 19 | no3d |
21 | nodvd | 20 | nodvd |
22 | nonewprivs | 21 | nonewprivs |
diff --git a/etc/wireshark.profile b/etc/wireshark.profile index f1a17ba93..35e781f67 100644 --- a/etc/wireshark.profile +++ b/etc/wireshark.profile | |||
@@ -12,18 +12,19 @@ include /etc/firejail/disable-devel.inc | |||
12 | include /etc/firejail/disable-passwdmgr.inc | 12 | include /etc/firejail/disable-passwdmgr.inc |
13 | include /etc/firejail/disable-programs.inc | 13 | include /etc/firejail/disable-programs.inc |
14 | 14 | ||
15 | # caps.drop all | ||
15 | caps.keep dac_override,net_admin,net_raw | 16 | caps.keep dac_override,net_admin,net_raw |
16 | netfilter | 17 | netfilter |
17 | no3d | 18 | no3d |
18 | # nogroups - breaks unprivileged wireshark usage | 19 | # nogroups - breaks network traffic capture for unprivileged users |
19 | # nonewprivs - breaks unprivileged wireshark usage | 20 | # nonewprivs - breaks network traffic capture for unprivileged users |
20 | # noroot | 21 | # noroot |
21 | nodvd | 22 | nodvd |
22 | nosound | 23 | nosound |
23 | notv | 24 | notv |
24 | novideo | 25 | novideo |
25 | # protocol unix,inet,inet6,netlink | 26 | # protocol unix,inet,inet6,netlink |
26 | # seccomp - breaks unprivileged wireshark usage | 27 | # seccomp - breaks network traffic capture for unprivileged users |
27 | shell none | 28 | shell none |
28 | tracelog | 29 | tracelog |
29 | 30 | ||
diff --git a/etc/xplayer.profile b/etc/xplayer.profile index 5c845e977..d4a2fa846 100644 --- a/etc/xplayer.profile +++ b/etc/xplayer.profile | |||
@@ -13,6 +13,8 @@ include /etc/firejail/disable-devel.inc | |||
13 | include /etc/firejail/disable-passwdmgr.inc | 13 | include /etc/firejail/disable-passwdmgr.inc |
14 | include /etc/firejail/disable-programs.inc | 14 | include /etc/firejail/disable-programs.inc |
15 | 15 | ||
16 | include /etc/firejail/whitelist-var-common.inc | ||
17 | |||
16 | caps.drop all | 18 | caps.drop all |
17 | netfilter | 19 | netfilter |
18 | nogroups | 20 | nogroups |
diff --git a/etc/xreader.profile b/etc/xreader.profile index bebcb262f..11e5d1102 100644 --- a/etc/xreader.profile +++ b/etc/xreader.profile | |||
@@ -32,7 +32,7 @@ tracelog | |||
32 | 32 | ||
33 | private-bin xreader,xreader-previewer,xreader-thumbnailer | 33 | private-bin xreader,xreader-previewer,xreader-thumbnailer |
34 | private-dev | 34 | private-dev |
35 | # private-etc fonts,ld.so.cache | 35 | private-etc fonts,ld.so.cache |
36 | # xreader needs access to /tmp/mozilla* to work in firefox | 36 | # xreader needs access to /tmp/mozilla* to work in firefox |
37 | # private-tmp | 37 | # private-tmp |
38 | 38 | ||
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index f99704579..e7a7ef6d9 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt | |||
@@ -96,7 +96,7 @@ $ sudo firecfg --clean | |||
96 | .SH LICENSE | 96 | .SH LICENSE |
97 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | 97 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
98 | .PP | 98 | .PP |
99 | Homepage: http://firejail.wordpress.com | 99 | Homepage: https://firejail.wordpress.com |
100 | .SH SEE ALSO | 100 | .SH SEE ALSO |
101 | \&\flfirejail\fR\|(1), | 101 | \&\flfirejail\fR\|(1), |
102 | \&\flfiremon\fR\|(1), | 102 | \&\flfiremon\fR\|(1), |
diff --git a/src/man/firejail-login.txt b/src/man/firejail-login.txt index cb192b450..29030ba45 100644 --- a/src/man/firejail-login.txt +++ b/src/man/firejail-login.txt | |||
@@ -32,7 +32,7 @@ usermod \-\-shell /usr/bin/firejail username | |||
32 | .SH LICENSE | 32 | .SH LICENSE |
33 | Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | 33 | Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
34 | .PP | 34 | .PP |
35 | Homepage: http://firejail.wordpress.com | 35 | Homepage: https://firejail.wordpress.com |
36 | .SH SEE ALSO | 36 | .SH SEE ALSO |
37 | \&\flfirejail\fR\|(1), | 37 | \&\flfirejail\fR\|(1), |
38 | \&\flfiremon\fR\|(1), | 38 | \&\flfiremon\fR\|(1), |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 14485d5c1..5825d3427 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -622,7 +622,7 @@ $ firejail --profile-path=~/myprofiles | |||
622 | .SH LICENSE | 622 | .SH LICENSE |
623 | Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | 623 | Firejail is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
624 | .PP | 624 | .PP |
625 | Homepage: http://firejail.wordpress.com | 625 | Homepage: https://firejail.wordpress.com |
626 | .SH SEE ALSO | 626 | .SH SEE ALSO |
627 | \&\flfirejail\fR\|(1), | 627 | \&\flfirejail\fR\|(1), |
628 | \&\flfiremon\fR\|(1), | 628 | \&\flfiremon\fR\|(1), |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 17ddd5c88..83ac12d86 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -109,7 +109,7 @@ $ firejail --allusers | |||
109 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. | 109 | Enable AppArmor confinement. For more information, please see \fBAPPARMOR\fR section below. |
110 | .TP | 110 | .TP |
111 | \fB\-\-appimage | 111 | \fB\-\-appimage |
112 | Sandbox an AppImage (http://appimage.org/) application. | 112 | Sandbox an AppImage (https://appimage.org/) application. |
113 | .br | 113 | .br |
114 | 114 | ||
115 | .br | 115 | .br |
@@ -2082,7 +2082,7 @@ $ firejail \-\-x11=xorg firefox | |||
2082 | 2082 | ||
2083 | .TP | 2083 | .TP |
2084 | \fB\-\-x11=xpra | 2084 | \fB\-\-x11=xpra |
2085 | Start Xpra (http://xpra.org) and attach the sandbox to this server. | 2085 | Start Xpra (https://xpra.org) and attach the sandbox to this server. |
2086 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. | 2086 | Xpra is a persistent remote display server and client for forwarding X11 applications and desktop screens. |
2087 | A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. | 2087 | A network namespace needs to be instantiated in order to deny access to X11 abstract Unix domain socket. |
2088 | .br | 2088 | .br |
@@ -2536,7 +2536,7 @@ List all sandboxed processes. | |||
2536 | .SH LICENSE | 2536 | .SH LICENSE |
2537 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. | 2537 | This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
2538 | .PP | 2538 | .PP |
2539 | Homepage: http://firejail.wordpress.com | 2539 | Homepage: https://firejail.wordpress.com |
2540 | .SH SEE ALSO | 2540 | .SH SEE ALSO |
2541 | \&\flfiremon\fR\|(1), | 2541 | \&\flfiremon\fR\|(1), |
2542 | \&\flfirecfg\fR\|(1), | 2542 | \&\flfirecfg\fR\|(1), |