diff options
-rw-r--r-- | .github/pull_request_template.md | 9 | ||||
-rw-r--r-- | CONTRIBUTING.md | 26 | ||||
-rw-r--r-- | README.md | 37 |
3 files changed, 51 insertions, 21 deletions
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 1947cb00f..faa2a4108 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md | |||
@@ -2,8 +2,11 @@ If your PR isn't about profiles or you have no idea how to do one of these, skip | |||
2 | 2 | ||
3 | If you submit a PR for new profiles or changing profiles, please do the following: | 3 | If you submit a PR for new profiles or changing profiles, please do the following: |
4 | 4 | ||
5 | - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). | 5 | - The ordering of options follow the rules described in |
6 | - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). | 6 | [etc/templates/profile.template](../blob/master/etc/templates/profile.template) |
7 | (/usr/share/doc/firejail/profile.template when installed). | ||
8 | - Order the arguments of options alphabetically. You can easily do this with | ||
9 | [sort.py](../blob/master/contrib/sort.py). | ||
7 | 10 | ||
8 | The path to it depends on your distro: | 11 | The path to it depends on your distro: |
9 | 12 | ||
@@ -13,4 +16,4 @@ If you submit a PR for new profiles or changing profiles, please do the followin | |||
13 | | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | | 16 | | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | |
14 | | local git clone | `contrib/sort.py` | | 17 | | local git clone | `contrib/sort.py` | |
15 | 18 | ||
16 | See also [CONTRIBUTING.md](/CONTRIBUTING.md). | 19 | See also [CONTRIBUTING.md](../blob/master/CONTRIBUTING.md). |
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 55d8974c4..e1f533dde 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md | |||
@@ -7,8 +7,10 @@ Welcome to firejail, and thank you for your interest in contributing! | |||
7 | We welcome issues, whether to ask a question, provide information, request a new profile or | 7 | We welcome issues, whether to ask a question, provide information, request a new profile or |
8 | feature, or to report a suspected bug or problem. | 8 | feature, or to report a suspected bug or problem. |
9 | 9 | ||
10 | If you want to request a program profile that we don't already have, please add a comment in | 10 | If you want to request a program profile that we don't already have, please add |
11 | our [dedicated issue](https://github.com/netblue30/firejail/issues/1139). | 11 | a comment in our dedicated issue: |
12 | |||
13 | - [Profile requests](https://github.com/netblue30/firejail/issues/1139) | ||
12 | 14 | ||
13 | When submitting a bug report, please provide the following information so that | 15 | When submitting a bug report, please provide the following information so that |
14 | we can handle the report more easily: | 16 | we can handle the report more easily: |
@@ -22,11 +24,15 @@ we can handle the report more easily: | |||
22 | let us know if it runs correctly or not. | 24 | let us know if it runs correctly or not. |
23 | - You may also try disabling various options provided in `/etc/firejail/<ProgramName.profile>` until you find out which one causes problems. It will significantly help to find solution for your issue. | 25 | - You may also try disabling various options provided in `/etc/firejail/<ProgramName.profile>` until you find out which one causes problems. It will significantly help to find solution for your issue. |
24 | 26 | ||
25 | Please note: if you are running Debian, Ubuntu, Linux Mint, or another related | 27 | Please note: If you are running Debian, Ubuntu, Linux Mint, or another related |
26 | distribution and you installed firejail from your distro's repositories, please | 28 | distribution and you installed firejail from your distro's repositories, please |
27 | ensure that **both** of the following were installed: | 29 | ensure that **all** of the following packages were installed: |
28 | `firejail` and `firejail-profiles`. A common source of issues is that | 30 | |
29 | firejail-profiles was not installed when installing firejail. | 31 | - firejail |
32 | - firejail-profiles | ||
33 | |||
34 | A common source of issues is that firejail-profiles was not installed when | ||
35 | installing firejail. | ||
30 | 36 | ||
31 | ## Security vulnerabilities | 37 | ## Security vulnerabilities |
32 | 38 | ||
@@ -37,8 +43,12 @@ See [SECURITY.md](SECURITY.md). | |||
37 | Pull requests with enhancements, bugfixes or new profiles are very welcome. | 43 | Pull requests with enhancements, bugfixes or new profiles are very welcome. |
38 | 44 | ||
39 | If you want to write a new profile, the easiest way to do this is to use the | 45 | If you want to write a new profile, the easiest way to do this is to use the |
40 | [profile template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). | 46 | profile template: |
41 | If you have already written a profile, please make sure it follows the rules described in the template. | 47 | |
48 | - [etc/templates/profile.template](etc/templates/profile.template) | ||
49 | |||
50 | If you have already written a profile, please make sure it follows the rules | ||
51 | described in the template. | ||
42 | 52 | ||
43 | If you add a new command, here's the checklist: | 53 | If you add a new command, here's the checklist: |
44 | 54 | ||
@@ -189,23 +189,35 @@ PulseAudio changes. | |||
189 | Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. | 189 | Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. |
190 | The integration applies to any program supported by default by Firejail. There are about 250 default applications | 190 | The integration applies to any program supported by default by Firejail. There are about 250 default applications |
191 | in current Firejail version, and the number goes up with every new release. | 191 | in current Firejail version, and the number goes up with every new release. |
192 | We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. | 192 | |
193 | We keep the application list in | ||
194 | [src/firecfg/firecfg.config](src/firecfg/firecfg.config) | ||
195 | (/etc/firejail/firecfg.config when installed). | ||
193 | 196 | ||
194 | ## Security profiles | 197 | ## Security profiles |
195 | 198 | ||
196 | Most Firejail command line options can be passed to the sandbox using profile files. | 199 | Most Firejail command line options can be passed to the sandbox using profile |
197 | You can find the profiles for all supported applications in [/etc/firejail](https://github.com/netblue30/firejail/tree/master/etc) directory. | 200 | files. |
201 | |||
202 | You can find the profiles for all supported applications in [etc/](etc/) | ||
203 | (/etc/firejail/ when installed). | ||
204 | |||
205 | We also keep a list of profile fixes for previous released versions in | ||
206 | [etc-fixes/](etc-fixes/). | ||
198 | 207 | ||
199 | If you keep additional Firejail security profiles in a public repository, please give us a link: | 208 | If you keep additional Firejail security profiles in a public repository, |
209 | please give us a link: | ||
200 | 210 | ||
201 | * <https://github.com/chiraag-nataraj/firejail-profiles> | 211 | * <https://github.com/chiraag-nataraj/firejail-profiles> |
202 | * <https://github.com/triceratops1/fe> | 212 | * <https://github.com/triceratops1/fe> |
203 | 213 | ||
204 | Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) | 214 | Use this issue to request new profiles: |
205 | 215 | ||
206 | You can also use this tool to get a list of syscalls needed by a program: [contrib/syscalls.sh](contrib/syscalls.sh). | 216 | * [Profile requests](https://github.com/netblue30/firejail/issues/1139) |
207 | 217 | ||
208 | We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory. | 218 | You can also use this tool to get a list of syscalls needed by a program: |
219 | |||
220 | * [contrib/syscalls.sh](contrib/syscalls.sh) | ||
209 | 221 | ||
210 | ## Latest released version: 0.9.72 | 222 | ## Latest released version: 0.9.72 |
211 | 223 | ||
@@ -257,13 +269,18 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
257 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | 269 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc |
258 | ``` | 270 | ``` |
259 | 271 | ||
260 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | 272 | We keep the list of groups in |
273 | [src/include/etc_groups.h](src/include/etc_groups.h). | ||
274 | |||
275 | Discussion: | ||
261 | 276 | ||
262 | Discussion: <https://github.com/netblue30/firejail/discussions/5610> | 277 | * [private-etc rework](https://github.com/netblue30/firejail/discussions/5610) |
263 | 278 | ||
264 | ### Profile Statistics | 279 | ### Profile Statistics |
265 | 280 | ||
266 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 281 | A small tool to print profile statistics. Compile and install as usual. |
282 | The tool is installed in the /usr/lib/firejail directory. | ||
283 | |||
267 | Run it over the profiles in /etc/profiles: | 284 | Run it over the profiles in /etc/profiles: |
268 | 285 | ||
269 | ```console | 286 | ```console |