diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -1,4 +1,5 @@ | |||
1 | # Firejail | 1 | # Firejail |
2 | |||
2 | [![Build Status](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines/) | 3 | [![Build Status](https://gitlab.com/Firejail/firejail_ci/badges/master/pipeline.svg)](https://gitlab.com/Firejail/firejail_ci/pipelines/) |
3 | [![CodeQL](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) | 4 | [![CodeQL](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) |
4 | [![Build CI](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22) | 5 | [![Build CI](https://github.com/netblue30/firejail/workflows/Build%20CI/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3A%22Build+CI%22) |
@@ -114,12 +115,15 @@ $ git clone https://github.com/netblue30/firejail.git | |||
114 | $ cd firejail | 115 | $ cd firejail |
115 | $ ./configure && make && sudo make install-strip | 116 | $ ./configure && make && sudo make install-strip |
116 | ````` | 117 | ````` |
118 | |||
117 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 119 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor |
118 | development libraries and pkg-config are required when using `--enable-apparmor` | 120 | development libraries and pkg-config are required when using `--enable-apparmor` |
119 | ./configure option: | 121 | ./configure option: |
122 | |||
120 | ````` | 123 | ````` |
121 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 124 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
122 | ````` | 125 | ````` |
126 | |||
123 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). | 127 | For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). |
124 | 128 | ||
125 | Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). | 129 | Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). |
@@ -134,7 +138,9 @@ $ firejail transmission-gtk # starting Transmission BitTorrent | |||
134 | $ firejail vlc # starting VideoLAN Client | 138 | $ firejail vlc # starting VideoLAN Client |
135 | $ sudo firejail /etc/init.d/nginx start | 139 | $ sudo firejail /etc/init.d/nginx start |
136 | ````` | 140 | ````` |
141 | |||
137 | Run `firejail --list` in a terminal to list all active sandboxes. Example: | 142 | Run `firejail --list` in a terminal to list all active sandboxes. Example: |
143 | |||
138 | ````` | 144 | ````` |
139 | $ firejail --list | 145 | $ firejail --list |
140 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr | 146 | 1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr |
@@ -147,6 +153,7 @@ $ firejail --list | |||
147 | ## Desktop integration | 153 | ## Desktop integration |
148 | 154 | ||
149 | Integrate your sandbox into your desktop by running the following two commands: | 155 | Integrate your sandbox into your desktop by running the following two commands: |
156 | |||
150 | ````` | 157 | ````` |
151 | $ firecfg --fix-sound | 158 | $ firecfg --fix-sound |
152 | $ sudo firecfg | 159 | $ sudo firecfg |
@@ -169,7 +176,6 @@ You can find the profiles for all supported applications in [/etc/firejail](http | |||
169 | If you keep additional Firejail security profiles in a public repository, please give us a link: | 176 | If you keep additional Firejail security profiles in a public repository, please give us a link: |
170 | 177 | ||
171 | * https://github.com/chiraag-nataraj/firejail-profiles | 178 | * https://github.com/chiraag-nataraj/firejail-profiles |
172 | |||
173 | * https://github.com/triceratops1/fe | 179 | * https://github.com/triceratops1/fe |
174 | 180 | ||
175 | Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) | 181 | Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) |
@@ -183,6 +189,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
183 | ## Current development version: 0.9.73 | 189 | ## Current development version: 0.9.73 |
184 | 190 | ||
185 | ### --keep-shell-rc | 191 | ### --keep-shell-rc |
192 | |||
186 | ````` | 193 | ````` |
187 | --keep-shell-rc | 194 | --keep-shell-rc |
188 | By default, when using a private home directory, firejail copies | 195 | By default, when using a private home directory, firejail copies |
@@ -190,10 +197,10 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
190 | which overrides attempts to whitelist the original files (such | 197 | which overrides attempts to whitelist the original files (such |
191 | as ~/.bashrc and ~/.zshrc). This option disables this feature, | 198 | as ~/.bashrc and ~/.zshrc). This option disables this feature, |
192 | and enables the user to whitelist the original files. | 199 | and enables the user to whitelist the original files. |
193 | |||
194 | ````` | 200 | ````` |
195 | 201 | ||
196 | ### private-etc rework | 202 | ### private-etc rework |
203 | |||
197 | ````` | 204 | ````` |
198 | --private-etc, --private-etc=file,directory,@group | 205 | --private-etc, --private-etc=file,directory,@group |
199 | The files installed by --private-etc are copies of the original | 206 | The files installed by --private-etc are copies of the original |
@@ -226,6 +233,7 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
226 | 233 | ||
227 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc | 234 | $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc |
228 | ````` | 235 | ````` |
236 | |||
229 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) | 237 | We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) |
230 | Discussion: https://github.com/netblue30/firejail/discussions/5610 | 238 | Discussion: https://github.com/netblue30/firejail/discussions/5610 |
231 | 239 | ||
@@ -233,6 +241,7 @@ Discussion: https://github.com/netblue30/firejail/discussions/5610 | |||
233 | 241 | ||
234 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. | 242 | A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. |
235 | Run it over the profiles in /etc/profiles: | 243 | Run it over the profiles in /etc/profiles: |
244 | |||
236 | ``` | 245 | ``` |
237 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile | 246 | $ /usr/lib/firejail/profstats /etc/firejail/*.profile |
238 | No include .local found in /etc/firejail/noprofile.profile | 247 | No include .local found in /etc/firejail/noprofile.profile |