diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 589 |
1 files changed, 301 insertions, 288 deletions
@@ -2,11 +2,11 @@ Firejail is a SUID sandbox program that reduces the risk of security | |||
2 | breaches by restricting the running environment of untrusted applications | 2 | breaches by restricting the running environment of untrusted applications |
3 | using Linux namespaces and seccomp-bpf. It includes sandbox profiles for | 3 | using Linux namespaces and seccomp-bpf. It includes sandbox profiles for |
4 | Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission, | 4 | Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission, |
5 | VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent. | 5 | VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent. |
6 | DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, | 6 | DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, |
7 | Pidgin, Quassel and XChat. | 7 | Pidgin, Quassel, and XChat. |
8 | 8 | ||
9 | Firejail also expands the restricted shell facility found in bash by adding | 9 | Firejail also expands the restricted shell facility found in bash by adding |
10 | Linux namespace support. It supports sandboxing specific users upon login. | 10 | Linux namespace support. It supports sandboxing specific users upon login. |
11 | 11 | ||
12 | Download: http://sourceforge.net/projects/firejail/files/ | 12 | Download: http://sourceforge.net/projects/firejail/files/ |
@@ -15,7 +15,9 @@ Documentation and support: https://firejail.wordpress.com/ | |||
15 | Development: https://github.com/netblue30/firejail | 15 | Development: https://github.com/netblue30/firejail |
16 | License: GPL v2 | 16 | License: GPL v2 |
17 | 17 | ||
18 | Compile and install | 18 | |
19 | |||
20 | Compile and install mainline version from GitHub: | ||
19 | 21 | ||
20 | $ git clone https://github.com/netblue30/firejail.git | 22 | $ git clone https://github.com/netblue30/firejail.git |
21 | $ cd firejail | 23 | $ cd firejail |
@@ -26,19 +28,23 @@ On Debian/Ubuntu you will need to install git and a compiler: | |||
26 | $ sudo apt-get install build-essential | 28 | $ sudo apt-get install build-essential |
27 | 29 | ||
28 | 30 | ||
29 | Firejail Authors: | ||
30 | 31 | ||
31 | netblue30 (netblue30@yahoo.com) | 32 | Maintainer: |
32 | Reiner Herrmann (https://github.com/reinerh) | 33 | - netblue30 (netblue30@yahoo.com) |
33 | - a number of build patches | 34 | |
34 | - man page fixes | 35 | Committers |
35 | - Debian and Ubuntu integration | 36 | - Fred-Barclay (https://github.com/Fred-Barclay) |
36 | - clang-analyzer fixes | 37 | - Reiner Herrmann (https://github.com/reinerh) |
37 | - Debian reproducible build | 38 | - netblue30 (netblue30@yahoo.com) |
38 | - unit testing framework | 39 | |
39 | - moved build to .xz | 40 | |
40 | - detached signatures for source archive | 41 | |
41 | - recursive mkdir | 42 | Firejail Authors (alphabetical order) |
43 | |||
44 | Akhil Hans Maulloo (https://github.com/kouul) | ||
45 | - xz profile | ||
46 | Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) | ||
47 | - src/lib/libnetlink.c extracted from iproute2 software package | ||
42 | Aleksey Manevich (https://github.com/manevich) | 48 | Aleksey Manevich (https://github.com/manevich) |
43 | - several profile fixes | 49 | - several profile fixes |
44 | - fix problem with relative path in storage_find function | 50 | - fix problem with relative path in storage_find function |
@@ -57,6 +63,80 @@ Aleksey Manevich (https://github.com/manevich) | |||
57 | - x11 xpra, xphyr, none profile commands | 63 | - x11 xpra, xphyr, none profile commands |
58 | - added --join-or-start command | 64 | - added --join-or-start command |
59 | - CVE-2016-7545 | 65 | - CVE-2016-7545 |
66 | Alexander Stein (https://github.com/ajstein) | ||
67 | - added profile for qutebrowser | ||
68 | Andrey Alekseenko (https://github.com/al42and) | ||
69 | - fixing lintian warnings | ||
70 | - fixed Skype profile | ||
71 | andrew160 (https://github.com/andrew160) | ||
72 | - profile and man pages fixes | ||
73 | Austin S. Hemmelgarn (https://github.com/Ferroin) | ||
74 | - unbound profile update | ||
75 | avoidr (https://github.com/avoidr) | ||
76 | - whitelist fix | ||
77 | - recently-used.xbel fix | ||
78 | - added parole profile | ||
79 | - blacklist ncat | ||
80 | - hostname support in profile file | ||
81 | - Google Chrome profile rework | ||
82 | - added cmus profile | ||
83 | - man page fixes | ||
84 | - add net iface support in profile files | ||
85 | - paths fix | ||
86 | - lots of profile fixes | ||
87 | - added mcabber profile | ||
88 | - fixed mpv profile | ||
89 | - various other fixes | ||
90 | Bader Zaidan (https://github.com/BaderSZ) | ||
91 | - Telegram profile | ||
92 | Benjamin Kampmann (https://github.com/ligthyear) | ||
93 | - Forward exit code from child process | ||
94 | BogDan Vatra (https://github.com/bog-dan-ro) | ||
95 | - zoom profile | ||
96 | Bruno Nova (https://github.com/brunonova) | ||
97 | - whitelist fix | ||
98 | - bash arguments fix | ||
99 | Cat (https://github.com/ecat3) | ||
100 | - prevent tmux connecting to an existing session | ||
101 | creideiki (https://github.com/creideiki) | ||
102 | - make the sandbox process reap all children | ||
103 | Christian Stadelmann (https://github.com/genodeftest) | ||
104 | - profile fixes | ||
105 | - evolution profile fix | ||
106 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
107 | - tightening unbound and dnscrypt-proxy profiles | ||
108 | - correct and tighten QuiteRss profile | ||
109 | - dnsmasq profile | ||
110 | - okular and gwenview profiles | ||
111 | - cherrytree profile fixes | ||
112 | - added quiterss profile | ||
113 | - added guayadeque profile | ||
114 | - added VirtualBox.profile | ||
115 | - various other profile fixes | ||
116 | Daan Bakker (https://github.com/dbakker) | ||
117 | - protect shell startup files | ||
118 | Dara Adib (https://github.com/daradib) | ||
119 | - ssh profile fix | ||
120 | - evince profile fix | ||
121 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | ||
122 | - added xpdf profile | ||
123 | dewbasaur (https://github.com/dewbasaur) | ||
124 | - block access to history files | ||
125 | - Firefox PDF.js exploit (CVE-2015-4495) fixes | ||
126 | - Steam profile | ||
127 | dshmgh (https://github.com/dshmgh) | ||
128 | - overlayfs fix for systems with /home mounted on a separate partition | ||
129 | Duncan Overbruck (https://github.com/Duncaen) | ||
130 | - musl libc fix | ||
131 | - utmp fix | ||
132 | emacsomancer (https://github.com/emacsomancer) | ||
133 | - added profile for Conkeror browser | ||
134 | eventyrer (https://github.com/eventyrer) | ||
135 | - update gnome-mplayer.profile | ||
136 | Felipe Barriga Richards (https://github.com/fbarriga) | ||
137 | - --private-etc fix | ||
138 | Franco (nextime) Lanza (https://github.com/nextime) | ||
139 | - added --private-template/--private-home | ||
60 | Fred-Barclay (https://github.com/Fred-Barclay) | 140 | Fred-Barclay (https://github.com/Fred-Barclay) |
61 | - lots of profile fixes | 141 | - lots of profile fixes |
62 | - added Vivaldi, Atril profiles | 142 | - added Vivaldi, Atril profiles |
@@ -99,169 +179,57 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
99 | - compile/install scripts for --git-install/--git-uninstall commands | 179 | - compile/install scripts for --git-install/--git-uninstall commands |
100 | - tighten keepassx | 180 | - tighten keepassx |
101 | - added Thunar profile | 181 | - added Thunar profile |
102 | SYN-cook (https://github.com/SYN-cook) | 182 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) |
103 | - keepass/keepassx browser fixes | 183 | - ARM support |
104 | - disable-common.inc fixes | ||
105 | - blacklist GNOME keyring and Konqueror | ||
106 | - fixed Keepass(x) profiles | ||
107 | - Engrampa profile | ||
108 | - Scribus profile | ||
109 | valoq (https://github.com/valoq) | ||
110 | - lots of profile fixes | ||
111 | - added support for /srv in --whitelist feature | ||
112 | - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles | ||
113 | - blacklist suid binaries in disable-common.inc | ||
114 | - fix man pages | ||
115 | - added keypass2, qemu profiles | ||
116 | - added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles | ||
117 | - added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles | ||
118 | - added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles | ||
119 | - added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles | ||
120 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles | ||
121 | - added wget profile | ||
122 | - disable gnupg and systemd directories under /run/user | ||
123 | - added iridium browser profile | ||
124 | Zack Weinberg (https://github.com/zackw) | ||
125 | - removed libconnect | ||
126 | - fixed memory corruption in noblacklist processing | ||
127 | - rework DISPLAY environment parsing | ||
128 | - rework masking X11 sockets in /tmp/.X11-unix directory | ||
129 | - rework xpra and xephyr detection | ||
130 | - rework abstract X11 socket detection | ||
131 | - rework X11 display number assignment | ||
132 | - rework X11 xorg processing | ||
133 | - rework fcopy, --follow-link support in fcopy | ||
134 | - follow link support in --private-bin | ||
135 | - wait_for_other function rewrite | ||
136 | - xvfb X11 server support | ||
137 | Austin S. Hemmelgarn (https://github.com/Ferroin) | ||
138 | - unbound profile update | ||
139 | Igor Bukanov (https://github.com/ibukanov) | ||
140 | - found/fiixed privilege escalation in --hosts-file option | ||
141 | Cat (https://github.com/ecat3) | ||
142 | - prevent tmux connecting to an existing session | ||
143 | Zack Weinberg (https://github.com/zackw) | ||
144 | - sdded support for joining a persistent, named network namespace | ||
145 | GSI (https://github.com/GSI) | ||
146 | - added Uzbl browser profile | ||
147 | Mike Frysinger (vapier@gentoo.org) | ||
148 | - Gentoo compile patch | ||
149 | Jericho (https://github.com/attritionorg) | ||
150 | - spelling | ||
151 | Pixel Fairy (https://github.com/xahare) | ||
152 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section | ||
153 | pshpsh (https://github.com/pshpsh) | ||
154 | - added FossaMail profile | ||
155 | eventyrer (https://github.com/eventyrer) | ||
156 | - update gnome-mplayer.profile | ||
157 | thewisenerd (https://github.com/thewisenerd) | ||
158 | - allow multiple private-home commands | ||
159 | - use $SHELL variable if the shell is not specified | ||
160 | thewisenerd (https://github.com/thewisenerd) | ||
161 | - appimage: pass commandline arguments | ||
162 | KOLANICH (https://github.com/KOLANICH) | ||
163 | - added symlink fixer fix_private-bin.py in contrib section | ||
164 | Jesse Smith (https://github.com/slicer69) | ||
165 | - added QupZilla profile | ||
166 | Lari Rauno (https://github.com/tuutti) | ||
167 | - qutebrowser profile fixes | ||
168 | SpotComms (https://github.com/SpotComms) | ||
169 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles | ||
170 | - added PDFSam, Pithos, and Xonotic profiles | ||
171 | Vasya Novikov (https://github.com/vn971) | ||
172 | - Wesnoth profile | ||
173 | - Hedegewars profile | ||
174 | - manpage fixes | ||
175 | - fixed firecfg clean/clear issue | ||
176 | - found the ugliest bug so far | ||
177 | - seccomp debug description in man page | ||
178 | curiosity-seeker (https://github.com/curiosity-seeker) | ||
179 | - tightening unbound and dnscrypt-proxy profiles | ||
180 | - correct and tighten QuiteRss profile | ||
181 | - dnsmasq profile | ||
182 | - okular and gwenview profiles | ||
183 | - cherrytree profile fixes | ||
184 | - added quiterss profile | ||
185 | - added guayadeque profile | ||
186 | - added VirtualBox.profile | ||
187 | - various other profile fixes | ||
188 | Simon Peter (https://github.com/probonopd) | ||
189 | - set $APPIMAGE and $APPDIR environment variables | ||
190 | - AppImage version detection | ||
191 | - Leafppad type v1 and v2 appimage packages in test/appimage | ||
192 | BogDan Vatra (https://github.com/bog-dan-ro) | ||
193 | - zoom profile | ||
194 | Impyy (https://github.com/Impyy) | ||
195 | - added mumble profile | ||
196 | Vadim A. Misbakh-Soloviov (https://github.com/msva) | ||
197 | - profile fixes | 184 | - profile fixes |
198 | Rafael Cavalcanti (https://github.com/rccavalcanti) | 185 | Gaman Gabriel (https://github.com/stelariusinfinitek) |
199 | - chromium profile fixes for Arch Linux | 186 | - inox profile |
200 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | 187 | geg2048 (https://github.com/geg2048) |
201 | - added xpdf profile | 188 | - kwallet profile fixes |
202 | Dara Adib (https://github.com/daradib) | ||
203 | - ssh profile fix | ||
204 | - evince profile fix | ||
205 | vismir2 (https://github.com/vismir2) | ||
206 | - feh, ranger, 7z, keepass, keepassx and zathura profiles | ||
207 | - claws-mail, mutt, git, emacs, vim profiles | ||
208 | - lots of profile fixes | ||
209 | - support for truecrypt and zuluCrypt | ||
210 | graywolf (https://github.com/graywolf) | 189 | graywolf (https://github.com/graywolf) |
211 | - spelling fix | 190 | - spelling fix |
212 | Tomasz Jan Góralczyk (https://github.com/tjg) | ||
213 | - fixed Steam profile | ||
214 | pwnage-pineapple (https://github.com/pwnage-pineapple) | ||
215 | - update Okular profile | ||
216 | Sergey Alirzaev (https://github.com/l29ah) | ||
217 | - firejail.h enum fix | ||
218 | greigdp (https://github.com/greigdp) | 191 | greigdp (https://github.com/greigdp) |
219 | - Gajim IM client profile | 192 | - Gajim IM client profile |
220 | - fix Slack profile | 193 | - fixed spotify profile |
194 | - added Slack profile | ||
195 | - add Spotify profile | ||
196 | GSI (https://github.com/GSI) | ||
197 | - added Uzbl browser profile | ||
198 | hamzadis (https://github.com/hamzadis) | ||
199 | - added --overlay-named=name and --overlay-path=path | ||
200 | Holger Heinz (https://github.com/hheinz) | ||
201 | - manpage work | ||
221 | Icaro Perseo (https://github.com/icaroperseo) | 202 | Icaro Perseo (https://github.com/icaroperseo) |
222 | - Icecat profile | 203 | - Icecat profile |
223 | - several profile fixes | 204 | - several profile fixes |
224 | hamzadis (https://github.com/hamzadis) | 205 | Igor Bukanov (https://github.com/ibukanov) |
225 | - added --overlay-named=name and --overlay-path=path | 206 | - found/fiixed privilege escalation in --hosts-file option |
226 | Gaman Gabriel (https://github.com/stelariusinfinitek) | 207 | iiotx (https://github.com/iiotx) |
227 | - inox profile | 208 | - use generic.profile by default |
228 | greigdp (https://github.com/greigdp) | 209 | Impyy (https://github.com/Impyy) |
229 | - fixed spotify profile | 210 | - added mumble profile |
230 | - added Slack profile | 211 | Ivan Kozik (https://github.com/ivan) |
231 | Laurent Declercq (https://github.com/nuxwin) | 212 | - speed up sandbox exit |
232 | - fixed test for shell interpreter in chroots | ||
233 | Franco (nextime) Lanza (https://github.com/nextime) | ||
234 | - added --private-template/--private-home | ||
235 | xee5ch (https://github.com/xee5ch) | ||
236 | - skypeforlinux profile | ||
237 | Peter Hogg (https://github.com/pigmonkey) | ||
238 | - WeeChat profile | ||
239 | - rtorrent profile | ||
240 | - bitlbee profile fixes | ||
241 | - mutt profile fixes | ||
242 | Thomas Jarosch (https://github.com/thomasjfox) | ||
243 | - disable keepassx in disable-passwdmgr.inc | ||
244 | - added uudeview profile | ||
245 | - added tar (gtar), unzip and unrar profile | ||
246 | - added file profile | ||
247 | - improved profile list | ||
248 | - fixed small variable glitch in stat64() / lstat64() (libtracelog) | ||
249 | - added lstat() / lstat64() support to libtrace | ||
250 | - include mkuid.sh in make dist | ||
251 | Niklas Haas (https://github.com/haasn) | ||
252 | - blacklisting for keybase.io's client | ||
253 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 213 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
254 | - cpio profile | 214 | - cpio profile |
255 | Paupiah Yash (https://github.com/CaffeinatedStud) | 215 | Jericho (https://github.com/attritionorg) |
256 | - gzip profile | 216 | - spelling |
257 | Akhil Hans Maulloo (https://github.com/kouul) | 217 | Jesse Smith (https://github.com/slicer69) |
258 | - xz profile | 218 | - added QupZilla profile |
259 | Rahul Golam (https://github.com/technoLord) | 219 | jgriffiths (https://github.com/jgriffiths) |
260 | - strings profile | 220 | - make rpm packages support |
261 | geg2048 (https://github.com/geg2048) | 221 | Joan Figueras (https://github.com/figue) |
262 | - kwallet profile fixes | 222 | - added abrowser profile |
263 | maces (https://github.com/maces) | 223 | - added Google-Play-Music-Desktop-Player |
264 | - Franz messenger profile | 224 | - added cyberfox profile |
225 | jrabe (https://github.com/jrabe) | ||
226 | - disallow access to kdbx files | ||
227 | - Epiphany profile | ||
228 | - Polari profile | ||
229 | - qTox profile | ||
230 | - X11 fixes | ||
231 | Kaan Genç (https://github.com/SeriousBug) | ||
232 | - dynamic allocation of noblacklist buffer | ||
265 | KellerFuchs (https://github.com/KellerFuchs) | 233 | KellerFuchs (https://github.com/KellerFuchs) |
266 | - nonewpriv support, extended profiles for this feature | 234 | - nonewpriv support, extended profiles for this feature |
267 | - make `restricted-network` prevent use of netfilter | 235 | - make `restricted-network` prevent use of netfilter |
@@ -270,116 +238,45 @@ KellerFuchs (https://github.com/KellerFuchs) | |||
270 | - added support for .local profile files in /etc/firejail | 238 | - added support for .local profile files in /etc/firejail |
271 | - fixed Cryptocat profile | 239 | - fixed Cryptocat profile |
272 | - make ~/.local read-only | 240 | - make ~/.local read-only |
273 | ValdikSS (https://github.com/ValdikSS) | 241 | KOLANICH (https://github.com/KOLANICH) |
274 | - Psi+, Corebird, Konversation profiles | 242 | - added symlink fixer fix_private-bin.py in contrib section |
275 | - various profile fixes | 243 | Lari Rauno (https://github.com/tuutti) |
276 | avoidr (https://github.com/avoidr) | 244 | - qutebrowser profile fixes |
277 | - whitelist fix | 245 | Laurent Declercq (https://github.com/nuxwin) |
278 | - recently-used.xbel fix | 246 | - fixed test for shell interpreter in chroots |
279 | - added parole profile | 247 | Loïc Damien (https://github.com/dzamlo) |
280 | - blacklist ncat | 248 | - small fixes |
281 | - hostname support in profile file | 249 | maces (https://github.com/maces) |
282 | - Google Chrome profile rework | 250 | - Franz messenger profile |
283 | - added cmus profile | ||
284 | - man page fixes | ||
285 | - add net iface support in profile files | ||
286 | - paths fix | ||
287 | - lots of profile fixes | ||
288 | - added mcabber profile | ||
289 | - fixed mpv profile | ||
290 | - various other fixes | ||
291 | Ruan (https://github.com/ruany) | ||
292 | - fixed hexchat profile | ||
293 | Matthew Gyurgyik (https://github.com/pyther) | ||
294 | - rpm spec and several fixes | ||
295 | Joan Figueras (https://github.com/figue) | ||
296 | - added abrowser profile | ||
297 | - added Google-Play-Music-Desktop-Player | ||
298 | - added cyberfox profile | ||
299 | Petter Reinholdtsen (pere@hungry.com) | ||
300 | - Opera profile patch | ||
301 | n1trux (https://github.com/n1trux) | ||
302 | - fix flashpeak-slimjet profile typos | ||
303 | Felipe Barriga Richards (https://github.com/fbarriga) | ||
304 | - --private-etc fix | ||
305 | Alexander Stein (https://github.com/ajstein) | ||
306 | - added profile for qutebrowser | ||
307 | Benjamin Kampmann (https://github.com/ligthyear) | ||
308 | - Forward exit code from child process | ||
309 | dshmgh (https://github.com/dshmgh) | ||
310 | - overlayfs fix for systems with /home mounted on a separate partition | ||
311 | yumkam (https://github.com/yumkam) | ||
312 | - add compile-time option to restrict --net= to root only | ||
313 | - man page fixes | ||
314 | mahdi1234 (https://github.com/mahdi1234) | 251 | mahdi1234 (https://github.com/mahdi1234) |
315 | - cherrytree profile | 252 | - cherrytree profile |
316 | - Seamonkey profiles | 253 | - Seamonkey profiles |
317 | jrabe (https://github.com/jrabe) | ||
318 | - disallow access to kdbx files | ||
319 | - Epiphany profile | ||
320 | - Polari profile | ||
321 | - qTox profile | ||
322 | - X11 fixes | ||
323 | jgriffiths (https://github.com/jgriffiths) | ||
324 | - make rpm packages support | ||
325 | Tom Mellor (https://github.com/kalegrill) | ||
326 | - mupen64plus profile | ||
327 | Martin Carpenter (https://github.com/mcarpenter) | 254 | Martin Carpenter (https://github.com/mcarpenter) |
328 | - security audit and bug fixes | 255 | - security audit and bug fixes |
329 | - Centos 6.x support | 256 | - Centos 6.x support |
330 | pszxzsd (https://github.com/pszxzsd) | ||
331 | -uGet profile | ||
332 | Rahiel Kasim (https://github.com/rahiel) | ||
333 | - Mathematica profile | ||
334 | - whitelisted Dropbox profile | ||
335 | - whitelisted keysnail config for firefox | ||
336 | creideiki (https://github.com/creideiki) | ||
337 | - make the sandbox process reap all children | ||
338 | sinkuu (https://github.com/sinkuu) | ||
339 | - blacklisting kwalletd | ||
340 | - fix symlink invocation for programs placing symlinks in $PATH | ||
341 | Bader Zaidan (https://github.com/BaderSZ) | ||
342 | - Telegram profile | ||
343 | Holger Heinz (https://github.com/hheinz) | ||
344 | - manpage work | ||
345 | Andrey Alekseenko (https://github.com/al42and) | ||
346 | - fixing lintian warnings | ||
347 | - fixed Skype profile | ||
348 | Ivan Kozik (https://github.com/ivan) | ||
349 | - speed up sandbox exit | ||
350 | Christian Stadelmann (https://github.com/genodeftest) | ||
351 | - profile fixes | ||
352 | - evolution profile fix | ||
353 | pirate486743186 (https://github.com/pirate486743186) | ||
354 | - KMail profile | ||
355 | Kaan Genç (https://github.com/SeriousBug) | ||
356 | - dynamic allocation of noblacklist buffer | ||
357 | Veeti Paananen (https://github.com/veeti) | ||
358 | - fixed Spotify profile | ||
359 | rogshdo (https://github.com/rogshdo) | ||
360 | - BitlBee profile | ||
361 | Bruno Nova (https://github.com/brunonova) | ||
362 | - whitelist fix | ||
363 | - bash arguments fix | ||
364 | Matt Parnell (https://github.com/ilikenwf) | 257 | Matt Parnell (https://github.com/ilikenwf) |
365 | - whitelisting for core firefox related functionality | 258 | - whitelisting for core firefox related functionality |
366 | Ondra Nekola (https://github.com/satai) | ||
367 | - allow firefox theming with non-global themes | ||
368 | emacsomancer (https://github.com/emacsomancer) | ||
369 | - added profile for Conkeror browser | ||
370 | Daan Bakker (https://github.com/dbakker) | ||
371 | - protect shell startup files | ||
372 | Duncan Overbruck (https://github.com/Duncaen) | ||
373 | - musl libc fix | ||
374 | - utmp fix | ||
375 | andrew160 (https://github.com/andrew160) | ||
376 | - profile and man pages fixes | ||
377 | Loïc Damien (https://github.com/dzamlo) | ||
378 | - small fixes | ||
379 | greigdp (https://github.com/greigdp) | ||
380 | - add Spotify profile | ||
381 | Mattias Wadman (https://github.com/wader) | 259 | Mattias Wadman (https://github.com/wader) |
382 | - seccomp errno filter support | 260 | - seccomp errno filter support |
261 | Matthew Gyurgyik (https://github.com/pyther) | ||
262 | - rpm spec and several fixes | ||
263 | Michael Haas (https://github.com/mhaas) | ||
264 | - bugfixes | ||
265 | Mike Frysinger (vapier@gentoo.org) | ||
266 | - Gentoo compile patch | ||
267 | mjudtmann (https://github.com/mjudtmann) | ||
268 | - lock firejail configuration in disable-mgmt.inc | ||
269 | n1trux (https://github.com/n1trux) | ||
270 | - fix flashpeak-slimjet profile typos | ||
271 | netblue30 (netblue30@yahoo.com) | ||
272 | Niklas Haas (https://github.com/haasn) | ||
273 | - blacklisting for keybase.io's client | ||
274 | Ondra Nekola (https://github.com/satai) | ||
275 | - allow firefox theming with non-global themes | ||
276 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | ||
277 | - user namespace implementation | ||
278 | Paupiah Yash (https://github.com/CaffeinatedStud) | ||
279 | - gzip profile | ||
383 | Peter Millerchip (https://github.com/pmillerchip) | 280 | Peter Millerchip (https://github.com/pmillerchip) |
384 | - memory allocation fix | 281 | - memory allocation fix |
385 | - --private.keep to --private-home transition | 282 | - --private.keep to --private-home transition |
@@ -387,30 +284,146 @@ Peter Millerchip (https://github.com/pmillerchip) | |||
387 | - support for files and directories with spaces in blacklist option | 284 | - support for files and directories with spaces in blacklist option |
388 | - lots of other fixes | 285 | - lots of other fixes |
389 | - implement the --allow-private-blacklist option | 286 | - implement the --allow-private-blacklist option |
287 | Peter Hogg (https://github.com/pigmonkey) | ||
288 | - WeeChat profile | ||
289 | - rtorrent profile | ||
290 | - bitlbee profile fixes | ||
291 | - mutt profile fixes | ||
292 | Petter Reinholdtsen (pere@hungry.com) | ||
293 | - Opera profile patch | ||
294 | pirate486743186 (https://github.com/pirate486743186) | ||
295 | - KMail profile | ||
296 | Pixel Fairy (https://github.com/xahare) | ||
297 | - added fjclip.py, fjdisplay.py and fjresize.py in contrib section | ||
298 | pshpsh (https://github.com/pshpsh) | ||
299 | - added FossaMail profile | ||
300 | pstn (https://github.com/pstn) | ||
301 | - added install-strip, make install without strip | ||
302 | pszxzsd (https://github.com/pszxzsd) | ||
303 | -uGet profile | ||
304 | pwnage-pineapple (https://github.com/pwnage-pineapple) | ||
305 | - update Okular profile | ||
306 | Rafael Cavalcanti (https://github.com/rccavalcanti) | ||
307 | - chromium profile fixes for Arch Linux | ||
308 | Rahiel Kasim (https://github.com/rahiel) | ||
309 | - Mathematica profile | ||
310 | - whitelisted Dropbox profile | ||
311 | - whitelisted keysnail config for firefox | ||
312 | Rahul Golam (https://github.com/technoLord) | ||
313 | - strings profile | ||
314 | Reiner Herrmann (https://github.com/reinerh) | ||
315 | - a number of build patches | ||
316 | - man page fixes | ||
317 | - Debian and Ubuntu integration | ||
318 | - clang-analyzer fixes | ||
319 | - Debian reproducible build | ||
320 | - unit testing framework | ||
321 | - moved build to .xz | ||
322 | - detached signatures for source archive | ||
323 | - recursive mkdir | ||
324 | rogshdo (https://github.com/rogshdo) | ||
325 | - BitlBee profile | ||
326 | Ruan (https://github.com/ruany) | ||
327 | - fixed hexchat profile | ||
390 | sarneaud (https://github.com/sarneaud) | 328 | sarneaud (https://github.com/sarneaud) |
391 | - rewrite globbing code to fix various minor issues | 329 | - rewrite globbing code to fix various minor issues |
392 | - added noblacklist command for profile files | 330 | - added noblacklist command for profile files |
393 | - various enhancements and bug fixes | 331 | - various enhancements and bug fixes |
394 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | 332 | Sergey Alirzaev (https://github.com/l29ah) |
395 | - user namespace implementation | 333 | - firejail.h enum fix |
334 | Simon Peter (https://github.com/probonopd) | ||
335 | - set $APPIMAGE and $APPDIR environment variables | ||
336 | - AppImage version detection | ||
337 | - Leafppad type v1 and v2 appimage packages in test/appimage | ||
338 | sinkuu (https://github.com/sinkuu) | ||
339 | - blacklisting kwalletd | ||
340 | - fix symlink invocation for programs placing symlinks in $PATH | ||
396 | sshirokov (http://sourceforge.net/u/yshirokov/profile/) | 341 | sshirokov (http://sourceforge.net/u/yshirokov/profile/) |
397 | - Patch to output "Reading profile" to stderr instead of stdout | 342 | - Patch to output "Reading profile" to stderr instead of stdout |
398 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) | 343 | SpotComms (https://github.com/SpotComms) |
399 | - ARM support | 344 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles |
345 | - added PDFSam, Pithos, and Xonotic profiles | ||
346 | SYN-cook (https://github.com/SYN-cook) | ||
347 | - keepass/keepassx browser fixes | ||
348 | - disable-common.inc fixes | ||
349 | - blacklist GNOME keyring and Konqueror | ||
350 | - fixed Keepass(x) profiles | ||
351 | - Engrampa profile | ||
352 | - Scribus profile | ||
353 | - autostart blacklist for KDE | ||
354 | - blacklist startup scripts | ||
355 | startx2017 (https://github.com/startx2017) | ||
356 | - syscall list update | ||
357 | - enable/disable join support in /etc/firejail/firejail.config | ||
358 | thewisenerd (https://github.com/thewisenerd) | ||
359 | - allow multiple private-home commands | ||
360 | - use $SHELL variable if the shell is not specified | ||
361 | - appimage: pass commandline arguments | ||
362 | Thomas Jarosch (https://github.com/thomasjfox) | ||
363 | - disable keepassx in disable-passwdmgr.inc | ||
364 | - added uudeview profile | ||
365 | - added tar (gtar), unzip and unrar profile | ||
366 | - added file profile | ||
367 | - improved profile list | ||
368 | - fixed small variable glitch in stat64() / lstat64() (libtracelog) | ||
369 | - added lstat() / lstat64() support to libtrace | ||
370 | - include mkuid.sh in make dist | ||
371 | Tom Mellor (https://github.com/kalegrill) | ||
372 | - mupen64plus profile | ||
373 | Tomasz Jan Góralczyk (https://github.com/tjg) | ||
374 | - fixed Steam profile | ||
375 | valoq (https://github.com/valoq) | ||
376 | - lots of profile fixes | ||
377 | - added support for /srv in --whitelist feature | ||
378 | - Eye of GNOME, Evolution, display (imagemagik) and Wire profiles | ||
379 | - blacklist suid binaries in disable-common.inc | ||
380 | - fix man pages | ||
381 | - added keypass2, qemu profiles | ||
382 | - added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles | ||
383 | - added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles | ||
384 | - added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles | ||
385 | - added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles | ||
386 | - added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles | ||
387 | - added wget profile | ||
388 | - disable gnupg and systemd directories under /run/user | ||
389 | - added iridium browser profile | ||
390 | Vadim A. Misbakh-Soloviov (https://github.com/msva) | ||
400 | - profile fixes | 391 | - profile fixes |
401 | dewbasaur (https://github.com/dewbasaur) | 392 | ValdikSS (https://github.com/ValdikSS) |
402 | - block access to history files | 393 | - Psi+, Corebird, Konversation profiles |
403 | - Firefox PDF.js exploit (CVE-2015-4495) fixes | 394 | - various profile fixes |
404 | - Steam profile | 395 | Vasya Novikov (https://github.com/vn971) |
405 | Michael Haas (https://github.com/mhaas) | 396 | - Wesnoth profile |
406 | - bugfixes | 397 | - Hedegewars profile |
407 | mjudtmann (https://github.com/mjudtmann) | 398 | - manpage fixes |
408 | - lock firejail configuration in disable-mgmt.inc | 399 | - fixed firecfg clean/clear issue |
409 | iiotx (https://github.com/iiotx) | 400 | - found the ugliest bug so far |
410 | - use generic.profile by default | 401 | - seccomp debug description in man page |
411 | pstn (https://github.com/pstn) | 402 | Veeti Paananen (https://github.com/veeti) |
412 | - added install-strip, make install without strip | 403 | - fixed Spotify profile |
413 | Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) | 404 | vismir2 (https://github.com/vismir2) |
414 | - src/lib/libnetlink.c extracted from iproute2 software package | 405 | - feh, ranger, 7z, keepass, keepassx and zathura profiles |
415 | 406 | - claws-mail, mutt, git, emacs, vim profiles | |
407 | - lots of profile fixes | ||
408 | - support for truecrypt and zuluCrypt | ||
409 | xee5ch (https://github.com/xee5ch) | ||
410 | - skypeforlinux profile | ||
411 | yumkam (https://github.com/yumkam) | ||
412 | - add compile-time option to restrict --net= to root only | ||
413 | - man page fixes | ||
414 | Zack Weinberg (https://github.com/zackw) | ||
415 | - added support for joining a persistent, named network namespace | ||
416 | - removed libconnect | ||
417 | - fixed memory corruption in noblacklist processing | ||
418 | - rework DISPLAY environment parsing | ||
419 | - rework masking X11 sockets in /tmp/.X11-unix directory | ||
420 | - rework xpra and xephyr detection | ||
421 | - rework abstract X11 socket detection | ||
422 | - rework X11 display number assignment | ||
423 | - rework X11 xorg processing | ||
424 | - rework fcopy, --follow-link support in fcopy | ||
425 | - follow link support in --private-bin | ||
426 | - wait_for_other function rewrite | ||
427 | - xvfb X11 server support | ||
428 | |||
416 | Copyright (C) 2014-2017 Firejail Authors | 429 | Copyright (C) 2014-2017 Firejail Authors |