Diffstat (limited to 'README.md')
-rw-r--r--README.md12
1 files changed, 7 insertions, 5 deletions
diff --git a/README.md b/README.md
index 91bba52d2..26f3dc3c5 100644
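--- a/README.md
+++ b/README.md
@@ -114,12 +114,12 @@ in order to allow strace to run. Chromium and Chromium-based browsers will not w
 
 Example:
 `````
-$ firejail --build vlc ~/Videos/test.mp4
+$ firejail --build /usr/bin/vlc ~/Videos/test.mp4
 
 [...]
 
 ############################################
-# vlc profile
+# /usr/bin/vlc profile
 ############################################
 # Persistent global definitions
 # include /etc/firejail/globals.local
@@ -141,13 +141,14 @@ private-tmp
 private-dev
 private-etc vdpau_wrapper.cfg,udev,drirc,fonts,xdg,gtk-3.0,machine-id,selinux,
 whitelist /var/lib/menu-xdg
+# private-bin vlc,
 
 ### security filters
 caps.drop all
 nonewprivs
 seccomp
-# seccomp.keep futex,poll,rt_sigtimedwait,ioctl,fdatasync,stat,writev,read,recvmsg,mprotect,write,sendto,clock_nanosleep,open,dup3,mmap,rt_sigprocmask,close,fstat,lstat,lseek,munmap,brk,rt_sigaction,rt_sigreturn,access,madvise,shmget,shmat,shmctl,alarm,getpid,socket,connect,recvfrom,sendmsg,shutdown,getsockname,getpeername,setsockopt,getsockopt,clone,execve,uname,shmdt,fcntl,flock,ftruncate,getdents,rename,mkdir,unlink,readlink,chmod,getrlimit,sysinfo,getuid,getgid,setuid,setgid,geteuid,getegid,getppid,getpgrp,setresuid,getresuid,setresgid,getresgid,statfs,fstatfs,prctl,arch_prctl,sched_getaffinity,set_tid_address,fadvise64,clock_getres,tgkill,set_robust_list,eventfd2,pipe2,getrandom,memfd_create
-# 82 syscalls total
+# seccomp.keep futex,poll,rt_sigtimedwait,ioctl,fdatasync,read,writev,sendmsg,sendto,write,recvmsg,mmap,mprotect,getpid,stat,clock_nanosleep,munmap,close,access,lseek,fcntl,open,fstat,lstat,brk,rt_sigaction,rt_sigprocmask,rt_sigreturn,madvise,shmget,shmat,shmctl,alarm,socket,connect,recvfrom,shutdown,getsockname,getpeername,setsockopt,getsockopt,clone,execve,uname,shmdt,flock,ftruncate,getdents,rename,mkdir,unlink,readlink,chmod,getrlimit,sysinfo,getuid,getgid,geteuid,getegid,getresuid,getresgid,statfs,fstatfs,prctl,arch_prctl,sched_getaffinity,set_tid_address,fadvise64,clock_getres,tgkill,set_robust_list,eventfd2,dup3,pipe2,getrandom,memfd_create
+# 76 syscalls total
 # Probably you will need to add more syscalls to seccomp.keep. Look for
 # seccomp errors in /var/log/syslog or /var/log/audit/audit.log while
 # running your sandbox.
@@ -178,4 +179,5 @@ amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter,
 calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage,
 calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,
 imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,
-ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart
+ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
+conky, arch-audit, ffmpeg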