-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 12 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | src/firejail/usage.c | 1 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
5 files changed, 16 insertions, 2 deletions
@@ -100,7 +100,7 @@ Duncan Overbruck (https://github.com/Duncaen) | |||
100 | - musl libc fix | 100 | - musl libc fix |
101 | - utmp fix | 101 | - utmp fix |
102 | andrew160 (https://github.com/andrew160) | 102 | andrew160 (https://github.com/andrew160) |
103 | - profile fixes | 103 | - profile and man pages fixes |
104 | Loïc Damien (https://github.com/dzamlo) | 104 | Loïc Damien (https://github.com/dzamlo) |
105 | - small fixes | 105 | - small fixes |
106 | Matthew Gyurgyik (https://github.com/pyther) | 106 | Matthew Gyurgyik (https://github.com/pyther) |
@@ -39,6 +39,18 @@ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ | |||
39 | 39 | ||
40 | ````` | 40 | ````` |
41 | 41 | ||
42 | ## X11 sandboxing support | ||
43 | |||
44 | X11 support is built around Xpra (http://xpra.org/). | ||
45 | So far I've seen it working on Debian 7 and 8, and Ubuntu 14.04. If you manage to run it on another | ||
46 | distribution, please let me know. Example: | ||
47 | ````` | ||
48 | $ firejail --x11 --net=eth0 firefox | ||
49 | ````` | ||
50 | --x11 starts the server, --net is required in order to remove the main X11 server socket from the sandbox. | ||
51 | More information here: https://firejail.wordpress.com/documentation-2/x11-guide/ | ||
52 | |||
53 | |||
42 | ## Default seccomp filter update | 54 | ## Default seccomp filter update |
43 | 55 | ||
44 | Currently 50 syscalls are blacklisted by default, out of a total of 318 calls (AMD64, Debian Jessie). | 56 | Currently 50 syscalls are blacklisted by default, out of a total of 318 calls (AMD64, Debian Jessie). |
@@ -3,6 +3,7 @@ firejail (0.9.39) baseline; urgency=low | |||
3 | * default seccomp filter update | 3 | * default seccomp filter update |
4 | * disable STUN/WebRTC in default netfilter configuration | 4 | * disable STUN/WebRTC in default netfilter configuration |
5 | * added --nice option | 5 | * added --nice option |
6 | * added --x11 option | ||
6 | * addded mkdir profile command | 7 | * addded mkdir profile command |
7 | * --version also prints compile options | 8 | * --version also prints compile options |
8 | * added compile-time option to restrict --net= to root only | 9 | * added compile-time option to restrict --net= to root only |
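--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -292,6 +292,7 @@ void usage(void) {
 printf("\t--user=new_user - switch the user before starting the sandbox.\n\n");
 printf("\t--version - print program version and exit.\n\n");
 printf("\t--whitelist=dirname_or_filename - whitelist directory or file.\n\n");
+printf("\t--x11 - enable x11 server.\n\n");
 printf("\t--zsh - use /usr/bin/zsh as default shell.\n\n");
 printf("\n");
 printf("\n");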
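Review bot: The new help line `--x11 - enable x11 server` omits the requirement this same commit documents in README.md, namely that `--net` is needed to remove the main X11 server socket from the sandbox. Someone working from `--help` alone will run `firejail --x11 <program>` and presumably still have the main display socket reachable from inside the sandbox, which is the exposure the option is meant to close. I would state the dependency in the string, e.g. `printf("\t--x11 - start a sandboxed X11 server (Xpra); use with --net= to remove the main X11 socket.\n\n");`. If the option parser (not visible here) accepts `--x11` without `--net`, a runtime warning there would be worth adding as well. usage() starts and ends outside this hunk.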
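--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1517,7 +1517,7 @@ applications started in the sandbox from accessing display 0.
 .br
 Example:
 .br
-$ firejail \-\-x11 firefox
+$ firejail \-\-x11 --net=eth0 firefox
 
 .TP
 \fB\-\-zsh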