diff options
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 42 |
1 files changed, 41 insertions, 1 deletions
@@ -145,6 +145,46 @@ Added AppImage type 2 support, and support for passing command line arguments to | |||
145 | 145 | ||
146 | $ firejail --git-uninstall | 146 | $ firejail --git-uninstall |
147 | 147 | ||
148 | --x11=xvfb | ||
149 | Start Xvfb X11 server and attach the sandbox to this server. | ||
150 | Xvfb, short for X virtual framebuffer, performs all graphical | ||
151 | operations in memory without showing any screen output. Xvfb is | ||
152 | mainly used for remote access and software testing on headless | ||
153 | servers. | ||
154 | |||
155 | On Debian platforms Xvfb is installed with the command sudo apt- | ||
156 | get install xvfb. This feature is not available when running as | ||
157 | root. | ||
158 | |||
159 | Example: remote VNC access | ||
160 | |||
161 | On the server we start a sandbox using Xvfb and openbox window | ||
162 | manager. The default size of Xvfb screen is 800x600 - it can be | ||
163 | changed in /etc/firejail/firejail.config (xvfb-screen). Some | ||
164 | sort of networking (--net) is required in order to isolate the | ||
165 | abstract sockets used by other X servers. | ||
166 | |||
167 | $ firejail --net=none --x11=xvfb openbox | ||
168 | |||
169 | *** Attaching to Xvfb display 792 *** | ||
170 | |||
171 | Reading profile /etc/firejail/openbox.profile | ||
172 | Reading profile /etc/firejail/disable-common.inc | ||
173 | Reading profile /etc/firejail/disable-common.local | ||
174 | Parent pid 5400, child pid 5401 | ||
175 | |||
176 | On the server we also start a VNC server and attach it to the | ||
177 | display handled by our Xvfb server (792). | ||
178 | |||
179 | $ x11vnc -display :792 | ||
180 | |||
181 | On the client machine we start a VNC viewer and use it to con‐ | ||
182 | nect to our server: | ||
183 | |||
184 | $ vncviewer | ||
185 | |||
186 | --nowhitelist=dirname_or_filename | ||
187 | Disable whitelist for this directory or file. | ||
148 | 188 | ||
149 | ````` | 189 | ````` |
150 | ## New Profiles | 190 | ## New Profiles |
@@ -155,4 +195,4 @@ goobox, gpa, gpg, gpg-agent, highlight, img2txt, k3b, kate, lynx, mediainfo, nau | |||
155 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, | 195 | simple-scan, skanlite, ssh-agent, tracker, transmission-cli, transmission-show, w3m, xfburn, xpra, wget, |
156 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, | 196 | xed, pluma, Cryptocat, Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5, |
157 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, | 197 | PDFSam, Pithos, Xonotic, wireshark, keepassx2, QupZilla, FossaMail, Uzbl browser, xmms, iridium browser, |
158 | Kino, Thunar | 198 | Kino, Thunar, Geeqie |