diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 74 |
1 files changed, 42 insertions, 32 deletions
@@ -1,13 +1,14 @@ | |||
1 | Firejail is a SUID sandbox program that reduces the risk of security | 1 | Firejail is a SUID sandbox program that reduces the risk of security breaches |
2 | breaches by restricting the running environment of untrusted applications | 2 | by restricting the running environment of untrusted applications using Linux |
3 | using Linux namespaces and seccomp-bpf. It includes sandbox profiles for | 3 | namespaces and seccomp-bpf. |
4 | Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission, | 4 | |
5 | VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent. | 5 | It includes sandbox profiles for many programs, including Iceweasel/Mozilla |
6 | DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, | 6 | Firefox, Chromium, Midori, Opera, Evince, Transmission, VLC, Audacious, |
7 | Pidgin, Quassel, and XChat. | 7 | Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, |
8 | FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. | ||
8 | 9 | ||
9 | Firejail also expands the restricted shell facility found in bash by adding | 10 | Firejail also expands the restricted shell facility found in bash by adding |
10 | Linux namespace support. It supports sandboxing specific users upon login. | 11 | Linux namespace support. It supports sandboxing specific users upon login. |
11 | 12 | ||
12 | Download: https://sourceforge.net/projects/firejail/files/ | 13 | Download: https://sourceforge.net/projects/firejail/files/ |
13 | Build and install: ./configure && make && sudo make install | 14 | Build and install: ./configure && make && sudo make install |
@@ -17,30 +18,33 @@ Backup Video Channel: https://www.bitchute.com/profile/JSBsA1aoQVfW/ | |||
17 | Development: https://github.com/netblue30/firejail | 18 | Development: https://github.com/netblue30/firejail |
18 | License: GPL v2 | 19 | License: GPL v2 |
19 | 20 | ||
20 | Please report all security vulnerabilities at netblue30@protonmail.com | 21 | Please report all security vulnerabilities to: |
22 | |||
23 | * <netblue30@protonmail.com> | ||
21 | 24 | ||
22 | Compile and install mainline version from GitHub: | 25 | Compile and install the mainline version from GitHub: |
23 | 26 | ||
24 | $ git clone https://github.com/netblue30/firejail.git | 27 | git clone https://github.com/netblue30/firejail.git |
25 | $ cd firejail | 28 | cd firejail |
26 | $ ./configure && make && sudo make install-strip | 29 | ./configure && make && sudo make install-strip |
27 | 30 | ||
28 | On Debian/Ubuntu you will need to install git and gcc compiler. AppArmor | 31 | On Debian/Ubuntu you will need to install git and gcc. AppArmor development |
29 | development libraries and pkg-config are required when using --enable-apparmor | 32 | libraries and pkg-config are required when using the --enable-apparmor |
30 | ./configure option: | 33 | ./configure option: |
31 | 34 | ||
32 | $ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk | 35 | sudo apt-get install git build-essential libapparmor-dev pkg-config gawk |
33 | 36 | ||
34 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). | 37 | For --selinux option, add libselinux1-dev (libselinux-devel for Fedora). |
35 | 38 | ||
36 | We build our release firejail.tar.xz and firejail.deb packages using the following command: | 39 | We build our release firejail.tar.xz and firejail.deb packages using the |
37 | $ make distclean && ./configure && make deb | 40 | following commands: |
38 | 41 | ||
42 | make distclean && ./configure && make deb | ||
39 | 43 | ||
40 | Maintainer: | 44 | Maintainer: |
41 | - netblue30 (netblue30@protonmail.com) | 45 | - netblue30 (netblue30@protonmail.com) |
42 | 46 | ||
43 | Committers | 47 | Committers: |
44 | - chiraag-nataraj (https://github.com/chiraag-nataraj) | 48 | - chiraag-nataraj (https://github.com/chiraag-nataraj) |
45 | - crass (https://github.com/crass) | 49 | - crass (https://github.com/crass) |
46 | - ChrysoliteAzalea (https://github.com/ChrysoliteAzalea) | 50 | - ChrysoliteAzalea (https://github.com/ChrysoliteAzalea) |
@@ -55,15 +59,16 @@ Committers | |||
55 | - rusty-snake (https://github.com/rusty-snake) | 59 | - rusty-snake (https://github.com/rusty-snake) |
56 | - smitsohu (https://github.com/smitsohu) | 60 | - smitsohu (https://github.com/smitsohu) |
57 | - SkewedZeppelin (https://github.com/SkewedZeppelin) | 61 | - SkewedZeppelin (https://github.com/SkewedZeppelin) |
58 | - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer) | 62 | - startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches |
63 | maintainer) | ||
59 | - Topi Miettinen (https://github.com/topimiettinen) | 64 | - Topi Miettinen (https://github.com/topimiettinen) |
60 | - veloute (https://github.com/veloute) | 65 | - veloute (https://github.com/veloute) |
61 | - Vincent43 (https://github.com/Vincent43) | 66 | - Vincent43 (https://github.com/Vincent43) |
62 | - netblue30 (netblue30@protonmail.com) | 67 | - netblue30 (netblue30@protonmail.com) |
63 | 68 | ||
69 | --- | ||
64 | 70 | ||
65 | 71 | Firejail Authors (alphabetical order): | |
66 | Firejail Authors (alphabetical order) | ||
67 | 72 | ||
68 | 0x7969 (https://github.com/0x7969) | 73 | 0x7969 (https://github.com/0x7969) |
69 | - fix wire-desktop.profile | 74 | - fix wire-desktop.profile |
@@ -313,7 +318,8 @@ curiosityseeker (https://github.com/curiosityseeker - new) | |||
313 | - updated keypassxc profile | 318 | - updated keypassxc profile |
314 | - added syscalls.sh, which determine the necessary syscalls for a program | 319 | - added syscalls.sh, which determine the necessary syscalls for a program |
315 | - fixed conky profile | 320 | - fixed conky profile |
316 | - thunderbird.profile: harden and enable the rules necessary to make Firefox open links | 321 | - thunderbird.profile: harden and enable the rules necessary to make |
322 | Firefox open links | ||
317 | da2x (https://github.com/da2x) | 323 | da2x (https://github.com/da2x) |
318 | - matched RPM license tag | 324 | - matched RPM license tag |
319 | Daan Bakker (https://github.com/dbakker) | 325 | Daan Bakker (https://github.com/dbakker) |
@@ -358,7 +364,8 @@ Disconnect3d (https://github.com/disconnect3d) | |||
358 | dm9pZCAq (https://github.com/dm9pZCAq) | 364 | dm9pZCAq (https://github.com/dm9pZCAq) |
359 | - fix for compilation under musl | 365 | - fix for compilation under musl |
360 | dmfreemon (https://github.com/dmfreemon) | 366 | dmfreemon (https://github.com/dmfreemon) |
361 | - add sandbox name or name of private directory to the window title when xpra is used | 367 | - add sandbox name or name of private directory to the window title |
368 | when xpra is used | ||
362 | - handle malloc() failures; use gnu_basename() instead of basenaem() | 369 | - handle malloc() failures; use gnu_basename() instead of basenaem() |
363 | Dmitriy Chestnykh (https://github.com/chestnykh) | 370 | Dmitriy Chestnykh (https://github.com/chestnykh) |
364 | - add ability to disable user profiles at compile time | 371 | - add ability to disable user profiles at compile time |
@@ -1030,7 +1037,8 @@ soredake (https://github.com/soredake) | |||
1030 | - add localtime to private-etc to make qtox show correct time | 1037 | - add localtime to private-etc to make qtox show correct time |
1031 | - fixes for the keepassxc 2.2.5 version | 1038 | - fixes for the keepassxc 2.2.5 version |
1032 | SkewedZeppelin (https://github.com/SkewedZeppelin) | 1039 | SkewedZeppelin (https://github.com/SkewedZeppelin) |
1033 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles | 1040 | - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, |
1041 | Lollypop, MultiMC5 profiles | ||
1034 | - added PDFSam, Pithos, and Xonotic profiles | 1042 | - added PDFSam, Pithos, and Xonotic profiles |
1035 | - disabled Go, Rust, and OpenSSL in disable-devel.conf | 1043 | - disabled Go, Rust, and OpenSSL in disable-devel.conf |
1036 | - added dino profile | 1044 | - added dino profile |
@@ -1048,7 +1056,8 @@ SkewedZeppelin (https://github.com/SkewedZeppelin) | |||
1048 | - added IntelliJ IDEA and Android Studio profiles | 1056 | - added IntelliJ IDEA and Android Studio profiles |
1049 | - added arm profile | 1057 | - added arm profile |
1050 | - lots of profile improvements/tightening | 1058 | - lots of profile improvements/tightening |
1051 | - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, | 1059 | - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, |
1060 | sdat2img, | ||
1052 | soundconverter, sqlitebrowser, and truecraft profiles | 1061 | soundconverter, sqlitebrowser, and truecraft profiles |
1053 | - added gnome-twitch profile | 1062 | - added gnome-twitch profile |
1054 | - Unified all 341 profiles | 1063 | - Unified all 341 profiles |
@@ -1085,10 +1094,12 @@ SYN-cook (https://github.com/SYN-cook) | |||
1085 | - gnome-calculator changes | 1094 | - gnome-calculator changes |
1086 | startx2017 (https://github.com/startx2017) | 1095 | startx2017 (https://github.com/startx2017) |
1087 | - syscall list update | 1096 | - syscall list update |
1088 | - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, | 1097 | - updated default seccomp filters - added bpf, clock_settime, |
1089 | settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old | 1098 | personality, process_vm_writev, query_module, settimeofday, stime, |
1099 | umount, userfaultfd, ustat, vm86, and vm86old | ||
1090 | - enable/disable join support in /etc/firejail/firejail.config | 1100 | - enable/disable join support in /etc/firejail/firejail.config |
1091 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist | 1101 | - firecfg fix: create ~/.local/share/applications directory if it |
1102 | doesn't exist | ||
1092 | - firejail.config cleanup | 1103 | - firejail.config cleanup |
1093 | - --quiet fixes | 1104 | - --quiet fixes |
1094 | - bugfixes branches maintainer | 1105 | - bugfixes branches maintainer |
@@ -1250,10 +1261,9 @@ Zack Weinberg (https://github.com/zackw) | |||
1250 | - wait_for_other function rewrite | 1261 | - wait_for_other function rewrite |
1251 | - Xvfb X11 server support | 1262 | - Xvfb X11 server support |
1252 | - Xvfb and Xephyr profiles, modified Xpra profile | 1263 | - Xvfb and Xephyr profiles, modified Xpra profile |
1253 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started | 1264 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes |
1254 | with firejail --x11 | 1265 | when started with firejail --x11 |
1255 | - support for xpra-extra-params in firejail.config | 1266 | - support for xpra-extra-params in firejail.config |
1256 | |||
1257 | zupatisc (https://github.com/zupatisc) | 1267 | zupatisc (https://github.com/zupatisc) |
1258 | - patch-util fix | 1268 | - patch-util fix |
1259 | 1269 | ||