From 707c7917e50a56a759c3ad2f0ad8a6914750d2a3 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 1 Feb 2023 04:18:47 -0300 Subject: docs: fix line breaks around elements in markdown Ensure consistent line breaks around headings, lists and code blocks. To make them more readable and also more portable (which could help when previewing/converting files locally). From the CommonMark Spec (version 0.30, published on 2021-06-19)[1]: > 1.2 Why is a spec needed? [...] > 2. Is a blank line needed before a block quote or heading? Most > implementations do not require the blank line. However, this can > lead to unexpected results in hard-wrapped text, and also to > ambiguities in parsing (note that some implementations put the > heading inside the blockquote, while others do not). (John Gruber > has also spoken in favor of requiring the blank lines.)[2] > > 3. Is a blank line needed before an indented code block? > (`Markdown.pl` requires it, but this is not mentioned in the > documentation, and some implementations do not require it.) Fixes[3]: * MD022 Headers should be surrounded by blank lines * MD031 Fenced code blocks should be surrounded by blank lines * MD032 Lists should be surrounded by blank lines Environment: ruby-mdl 0.12.0-1 on Artix Linux. [1] https://spec.commonmark.org/0.30/#why-is-a-spec-needed- [2] http://article.gmane.org/gmane.text.markdown.general/2146 [3] https://github.com/markdownlint/markdownlint/blob/main/docs/RULES.md --- .github/pull_request_template.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to '.github') diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 3c256dd87..72556609b 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,10 +1,12 @@ If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR. If you submit a PR for new profiles or changing profiles, please do the following: + - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). - The path to it depends on your distro: + + The path to it depends on your distro: | Distro | Path | | ------ | ---- | -- cgit v1.2.3-54-g00ecf From 823ff0a0141944579cc518abf473d6d99940aaca Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Wed, 1 Feb 2023 04:39:02 -0300 Subject: docs: fix headings and yaml frontmatter --- .github/ISSUE_TEMPLATE/feature_request.md | 1 + CONTRIBUTING.md | 8 +++++--- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to '.github') diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index a723cdbde..ce1b70e39 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -4,6 +4,7 @@ about: Suggest an idea for this project title: '' labels: '' assignees: '' + --- ### Is your feature request related to a problem? Please describe. diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 9c7dad2dc..a249e7873 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,6 +1,8 @@ +# Contributing + Welcome to firejail, and thank you for your interest in contributing! -# Opening an issue: +## Opening an issue We welcome issues, whether to ask a question, provide information, request a new profile or feature, or to report a suspected bug or problem. @@ -29,7 +31,7 @@ firejail-profiles was not installed when installing firejail. We take security bugs very seriously. If you believe you have found one, please report it by emailing us at netblue30@protonmail.com -# Opening an pull request: +## Opening a pull request Pull requests with enhancements, bugfixes or new profiles are very welcome. @@ -44,6 +46,6 @@ If you add a new command, here's the checklist: - [ ] Update syntax files (run `make syntax` or just `make`) - [ ] Update --help -# Editing the wiki +## Editing the wiki You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki). -- cgit v1.2.3-54-g00ecf From 489305c49c8b49e56c5613f15e86e21f5d64db4d Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Mar 2023 03:08:54 -0300 Subject: docs: remove indents on top-level lists and tables And the surrounding paragraphs. Attempt 2; see commit be5e5f5cd ("pull_request_template.md: restore indentation", 2023-02-25). --- .github/pull_request_template.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to '.github') diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 72556609b..6e82f45aa 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -2,18 +2,18 @@ If your PR isn't about profiles or you have no idea how to do one of these, skip If you submit a PR for new profiles or changing profiles, please do the following: - - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). - > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. - - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). +- The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). + > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. +- Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). - The path to it depends on your distro: + The path to it depends on your distro: - | Distro | Path | - | ------ | ---- | - | Arch/Fedora | `/usr/lib64/firejail/sort.py` | - | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | - | local git clone | `contrib/sort.py` | + | Distro | Path | + | ------ | ---- | + | Arch/Fedora | `/usr/lib64/firejail/sort.py` | + | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | + | local git clone | `contrib/sort.py` | - Note also that the sort.py script exists only since firejail `0.9.61`. + Note also that the sort.py script exists only since firejail `0.9.61`. See also [CONTRIBUTING.md](/CONTRIBUTING.md). -- cgit v1.2.3-54-g00ecf From 26c553ec521a3f20cf3b77a4230e85cdd314fbe7 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Fri, 24 Mar 2023 01:22:01 -0300 Subject: docs: remove old notes from PR template profile.template and sort.py have been released for a while now. --- .github/pull_request_template.md | 3 --- 1 file changed, 3 deletions(-) (limited to '.github') diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 6e82f45aa..1947cb00f 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -3,7 +3,6 @@ If your PR isn't about profiles or you have no idea how to do one of these, skip If you submit a PR for new profiles or changing profiles, please do the following: - The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). - > Hint: The profile-template is very new. If you install firejail with your package manager, it may be missing. In order to follow the latest rules, it is recommended to use the template from the repository. - Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). The path to it depends on your distro: @@ -14,6 +13,4 @@ If you submit a PR for new profiles or changing profiles, please do the followin | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | | local git clone | `contrib/sort.py` | - Note also that the sort.py script exists only since firejail `0.9.61`. - See also [CONTRIBUTING.md](/CONTRIBUTING.md). -- cgit v1.2.3-54-g00ecf From 79c52d8e971c32d0a19c1bf65d5b8183f852cadc Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 23 Mar 2023 16:47:40 -0300 Subject: docs: clarify and improve links and items Changes: * Add titles to referenced issues/discussions * Use relative links for paths * Separate repo paths from installed paths * Turn some links and items into lists to make them stand out --- .github/pull_request_template.md | 9 ++++++--- CONTRIBUTING.md | 26 ++++++++++++++++++-------- README.md | 37 +++++++++++++++++++++++++++---------- 3 files changed, 51 insertions(+), 21 deletions(-) (limited to '.github') diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 1947cb00f..faa2a4108 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -2,8 +2,11 @@ If your PR isn't about profiles or you have no idea how to do one of these, skip If you submit a PR for new profiles or changing profiles, please do the following: -- The ordering of options follow the rules described in [/usr/share/doc/firejail/profile.template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). -- Order the arguments of options alphabetically. You can easily do this with [sort.py](https://github.com/netblue30/firejail/tree/master/contrib/sort.py). +- The ordering of options follow the rules described in + [etc/templates/profile.template](../blob/master/etc/templates/profile.template) + (/usr/share/doc/firejail/profile.template when installed). +- Order the arguments of options alphabetically. You can easily do this with + [sort.py](../blob/master/contrib/sort.py). The path to it depends on your distro: @@ -13,4 +16,4 @@ If you submit a PR for new profiles or changing profiles, please do the followin | Debian/Ubuntu/Mint | `/usr/lib/x86_64-linux-gnu/firejail/sort.py` | | local git clone | `contrib/sort.py` | -See also [CONTRIBUTING.md](/CONTRIBUTING.md). +See also [CONTRIBUTING.md](../blob/master/CONTRIBUTING.md). diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 55d8974c4..e1f533dde 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,8 +7,10 @@ Welcome to firejail, and thank you for your interest in contributing! We welcome issues, whether to ask a question, provide information, request a new profile or feature, or to report a suspected bug or problem. -If you want to request a program profile that we don't already have, please add a comment in -our [dedicated issue](https://github.com/netblue30/firejail/issues/1139). +If you want to request a program profile that we don't already have, please add +a comment in our dedicated issue: + +- [Profile requests](https://github.com/netblue30/firejail/issues/1139) When submitting a bug report, please provide the following information so that we can handle the report more easily: @@ -22,11 +24,15 @@ we can handle the report more easily: let us know if it runs correctly or not. - You may also try disabling various options provided in `/etc/firejail/` until you find out which one causes problems. It will significantly help to find solution for your issue. -Please note: if you are running Debian, Ubuntu, Linux Mint, or another related +Please note: If you are running Debian, Ubuntu, Linux Mint, or another related distribution and you installed firejail from your distro's repositories, please -ensure that **both** of the following were installed: -`firejail` and `firejail-profiles`. A common source of issues is that -firejail-profiles was not installed when installing firejail. +ensure that **all** of the following packages were installed: + +- firejail +- firejail-profiles + +A common source of issues is that firejail-profiles was not installed when +installing firejail. ## Security vulnerabilities @@ -37,8 +43,12 @@ See [SECURITY.md](SECURITY.md). Pull requests with enhancements, bugfixes or new profiles are very welcome. If you want to write a new profile, the easiest way to do this is to use the -[profile template](https://github.com/netblue30/firejail/blob/master/etc/templates/profile.template). -If you have already written a profile, please make sure it follows the rules described in the template. +profile template: + +- [etc/templates/profile.template](etc/templates/profile.template) + +If you have already written a profile, please make sure it follows the rules +described in the template. If you add a new command, here's the checklist: diff --git a/README.md b/README.md index d03f4776a..a157651c3 100644 --- a/README.md +++ b/README.md @@ -189,23 +189,35 @@ PulseAudio changes. Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. The integration applies to any program supported by default by Firejail. There are about 250 default applications in current Firejail version, and the number goes up with every new release. -We keep the application list in [/etc/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. + +We keep the application list in +[src/firecfg/firecfg.config](src/firecfg/firecfg.config) +(/etc/firejail/firecfg.config when installed). ## Security profiles -Most Firejail command line options can be passed to the sandbox using profile files. -You can find the profiles for all supported applications in [/etc/firejail](https://github.com/netblue30/firejail/tree/master/etc) directory. +Most Firejail command line options can be passed to the sandbox using profile +files. + +You can find the profiles for all supported applications in [etc/](etc/) +(/etc/firejail/ when installed). + +We also keep a list of profile fixes for previous released versions in +[etc-fixes/](etc-fixes/). -If you keep additional Firejail security profiles in a public repository, please give us a link: +If you keep additional Firejail security profiles in a public repository, +please give us a link: * * -Use this issue to request new profiles: [#1139](https://github.com/netblue30/firejail/issues/1139) +Use this issue to request new profiles: -You can also use this tool to get a list of syscalls needed by a program: [contrib/syscalls.sh](contrib/syscalls.sh). +* [Profile requests](https://github.com/netblue30/firejail/issues/1139) -We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory. +You can also use this tool to get a list of syscalls needed by a program: + +* [contrib/syscalls.sh](contrib/syscalls.sh) ## Latest released version: 0.9.72 @@ -257,13 +269,18 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe $ strace /usr/bin/transmission-qt 2>&1 | grep open | grep etc ``` -We keep the list of groups in [src/include/etc_groups.h](https://github.com/netblue30/firejail/blob/master/src/include/etc_groups.h) +We keep the list of groups in +[src/include/etc_groups.h](src/include/etc_groups.h). + +Discussion: -Discussion: +* [private-etc rework](https://github.com/netblue30/firejail/discussions/5610) ### Profile Statistics -A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. +A small tool to print profile statistics. Compile and install as usual. +The tool is installed in the /usr/lib/firejail directory. + Run it over the profiles in /etc/profiles: ```console -- cgit v1.2.3-54-g00ecf From 331158da03624e96000e02610f9bae358a34b810 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Thu, 23 Mar 2023 17:48:00 -0300 Subject: docs: line-wrap some long lines --- .github/ISSUE_TEMPLATE/bug_report.md | 9 ++++++--- .github/pull_request_template.md | 6 ++++-- CONTRIBUTING.md | 7 ++++--- README | 27 +++++++++++++++++---------- README.md | 25 +++++++++++++++++-------- 5 files changed, 48 insertions(+), 26 deletions(-) (limited to '.github') diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 53066013d..fc74640d4 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -22,7 +22,8 @@ _Describe the bug_ _Steps to reproduce the behavior_ -1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent output in English that can be understood by everybody) +1. Run in bash `LC_ALL=C firejail PROGRAM` (`LC_ALL=C` to get a consistent + output in English that can be understood by everybody) 2. Click on '....' 3. Scroll down to '....' 4. See error `ERROR` @@ -37,7 +38,8 @@ _What actually happened_ ### Behavior without a profile -_What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a terminal?_ +_What changed calling `LC_ALL=C firejail --noprofile /path/to/program` in a +terminal?_ ### Additional context @@ -47,7 +49,8 @@ _Any other detail that may help to understand/debug the problem_ - Linux distribution and version (e.g. "Ubuntu 20.04" or "Arch Linux") - Firejail version (`firejail --version`). -- If you use a development version of firejail, also the commit from which it was compiled (`git rev-parse HEAD`). +- If you use a development version of firejail, also the commit from which it + was compiled (`git rev-parse HEAD`). ### Checklist diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index faa2a4108..ecc5be304 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,6 +1,8 @@ -If your PR isn't about profiles or you have no idea how to do one of these, skip the following and go ahead with this PR. +If your PR isn't about profiles or you have no idea how to do one of these, +skip the following and go ahead with this PR. -If you submit a PR for new profiles or changing profiles, please do the following: +If you submit a PR for new profiles or changing profiles, please do the +following: - The ordering of options follow the rules described in [etc/templates/profile.template](../blob/master/etc/templates/profile.template) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a9cdfbc0f..ebc4d3a20 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,8 +4,8 @@ Welcome to firejail, and thank you for your interest in contributing! ## Opening an issue -We welcome issues, whether to ask a question, provide information, request a new profile or -feature, or to report a suspected bug or problem. +We welcome issues, whether to ask a question, provide information, request a +new profile or feature, or to report a suspected bug or problem. If you want to request a program profile that we don't already have, please add a comment in our dedicated issue: @@ -62,4 +62,5 @@ If you add a new command, here's the checklist: ## Editing the wiki -You are highly encouraged to add your own tips and tricks to the [wiki](https://github.com/netblue30/firejail/wiki). +You are highly encouraged to add your own tips and tricks to the +[wiki](https://github.com/netblue30/firejail/wiki). diff --git a/README b/README index fb8737c31..9833e078e 100644 --- a/README +++ b/README @@ -59,7 +59,8 @@ Committers: - rusty-snake (https://github.com/rusty-snake) - smitsohu (https://github.com/smitsohu) - SkewedZeppelin (https://github.com/SkewedZeppelin) -- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer) +- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches + maintainer) - Topi Miettinen (https://github.com/topimiettinen) - veloute (https://github.com/veloute) - Vincent43 (https://github.com/Vincent43) @@ -317,7 +318,8 @@ curiosityseeker (https://github.com/curiosityseeker - new) - updated keypassxc profile - added syscalls.sh, which determine the necessary syscalls for a program - fixed conky profile - - thunderbird.profile: harden and enable the rules necessary to make Firefox open links + - thunderbird.profile: harden and enable the rules necessary to make + Firefox open links da2x (https://github.com/da2x) - matched RPM license tag Daan Bakker (https://github.com/dbakker) @@ -362,7 +364,8 @@ Disconnect3d (https://github.com/disconnect3d) dm9pZCAq (https://github.com/dm9pZCAq) - fix for compilation under musl dmfreemon (https://github.com/dmfreemon) - - add sandbox name or name of private directory to the window title when xpra is used + - add sandbox name or name of private directory to the window title + when xpra is used - handle malloc() failures; use gnu_basename() instead of basenaem() Dmitriy Chestnykh (https://github.com/chestnykh) - add ability to disable user profiles at compile time @@ -1034,7 +1037,8 @@ soredake (https://github.com/soredake) - add localtime to private-etc to make qtox show correct time - fixes for the keepassxc 2.2.5 version SkewedZeppelin (https://github.com/SkewedZeppelin) - - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles + - added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, + Lollypop, MultiMC5 profiles - added PDFSam, Pithos, and Xonotic profiles - disabled Go, Rust, and OpenSSL in disable-devel.conf - added dino profile @@ -1052,7 +1056,8 @@ SkewedZeppelin (https://github.com/SkewedZeppelin) - added IntelliJ IDEA and Android Studio profiles - added arm profile - lots of profile improvements/tightening - - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, + - added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, + sdat2img, soundconverter, sqlitebrowser, and truecraft profiles - added gnome-twitch profile - Unified all 341 profiles @@ -1089,10 +1094,12 @@ SYN-cook (https://github.com/SYN-cook) - gnome-calculator changes startx2017 (https://github.com/startx2017) - syscall list update - - updated default seccomp filters - added bpf, clock_settime, personality, process_vm_writev, query_module, - settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old + - updated default seccomp filters - added bpf, clock_settime, + personality, process_vm_writev, query_module, settimeofday, stime, + umount, userfaultfd, ustat, vm86, and vm86old - enable/disable join support in /etc/firejail/firejail.config - - firecfg fix: create ~/.local/share/applications directory if it doesn't exist + - firecfg fix: create ~/.local/share/applications directory if it + doesn't exist - firejail.config cleanup - --quiet fixes - bugfixes branches maintainer @@ -1254,8 +1261,8 @@ Zack Weinberg (https://github.com/zackw) - wait_for_other function rewrite - Xvfb X11 server support - Xvfb and Xephyr profiles, modified Xpra profile - - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started - with firejail --x11 + - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes + when started with firejail --x11 - support for xpra-extra-params in firejail.config zupatisc (https://github.com/zupatisc) - patch-util fix diff --git a/README.md b/README.md index ab8cca261..05dd2a52f 100644 --- a/README.md +++ b/README.md @@ -74,11 +74,14 @@ See [SECURITY.md](SECURITY.md). ### Debian -Debian stable (bullseye): We recommend to use the [backports](https://packages.debian.org/bullseye-backports/firejail) package. +Debian stable (bullseye): We recommend to use the +[backports](https://packages.debian.org/bullseye-backports/firejail) package. ### Ubuntu -For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly advised** to use the [PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). +For Ubuntu 18.04+ and derivatives (such as Linux Mint), users are **strongly +advised** to use the +[PPA](https://launchpad.net/~deki/+archive/ubuntu/firejail). How to add and install from the PPA: @@ -88,10 +91,12 @@ sudo apt-get update sudo apt-get install firejail firejail-profiles ``` -Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to CVE-2021-26910 for months after a patch for it was posted on Launchpad: +Reason: The firejail package for Ubuntu 20.04 has been left vulnerable to +CVE-2021-26910 for months after a patch for it was posted on Launchpad: * [CVE-2021-26910](https://github.com/advisories/GHSA-2q4h-h5jp-942w) -* [firejail version in Ubuntu 20.04 LTS is vulnerable to CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767) +* [firejail version in Ubuntu 20.04 LTS is vulnerable to + CVE-2021-26910](https://bugs.launchpad.net/ubuntu/+source/firejail/+bug/1916767) See also : @@ -102,12 +107,15 @@ See also : > the Ubuntu Security team for the life of an Ubuntu release, while binary > packages in universe and multiverse are supported by the Ubuntu community. -Additionally, the PPA version is likely to be more recent and to contain more profile fixes. +Additionally, the PPA version is likely to be more recent and to contain more +profile fixes. See the following discussions for details: -* [Should I keep using the version of firejail available in my distro repos?](https://github.com/netblue30/firejail/discussions/4666) -* [How to install the latest version on Ubuntu and derivatives](https://github.com/netblue30/firejail/discussions/4663) +* [Should I keep using the version of firejail available in my distro + repos?](https://github.com/netblue30/firejail/discussions/4666) +* [How to install the latest version on Ubuntu and + derivatives](https://github.com/netblue30/firejail/discussions/4663) ### Other @@ -149,7 +157,8 @@ sudo apt-get install git build-essential libapparmor-dev pkg-config gawk For `--selinux` option, add libselinux1-dev (libselinux-devel for Fedora). -Detailed information on using firejail from git is available on the [wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). +Detailed information on using firejail from git is available on the +[wiki](https://github.com/netblue30/firejail/wiki/Using-firejail-from-git). ## Running the sandbox -- cgit v1.2.3-54-g00ecf From a516247a1c2715b98c8b6281cbd76d5399f51540 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sun, 26 Mar 2023 04:26:59 -0300 Subject: docs: line-wrap markdown and use double-spacing Use two spaces to separate sentences to make the source easier to read in monospace fonts (such as when editing or reviewing it), especially for longer paragraphs. The HTML output should still look the same. Misc: This also removes source-level ambiguity regarding abbreviations (such as "Mr.") vs the end of sentences and enables moving between sentences in vi with `(` and `)`, for example. --- .github/pull_request_template.md | 2 +- CONTRIBUTING.md | 15 ++++++------ README | 4 ++-- README.md | 50 ++++++++++++++++++++++------------------ 4 files changed, 38 insertions(+), 33 deletions(-) (limited to '.github') diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ecc5be304..4a7998e87 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -7,7 +7,7 @@ following: - The ordering of options follow the rules described in [etc/templates/profile.template](../blob/master/etc/templates/profile.template) (/usr/share/doc/firejail/profile.template when installed). -- Order the arguments of options alphabetically. You can easily do this with +- Order the arguments of options alphabetically. You can easily do this with [sort.py](../blob/master/contrib/sort.py). The path to it depends on your distro: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ebc4d3a20..1ae293264 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,17 +15,18 @@ a comment in our dedicated issue: When submitting a bug report, please provide the following information so that we can handle the report more easily: -- firejail version. If you're not sure, open a terminal and type `firejail --version`. +- firejail version. If you're not sure, open a terminal and type `firejail + --version`. - Linux distribution (so that we can try to reproduce it, if necessary). -- If you know that the problem did not exist in an earlier version of firejail, please mention it. -- If you are reporting that a program does not work with firejail, please also run firejail with - the `--noprofile` argument. - For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and +- If you know that the problem did not exist in an earlier version of firejail, + please mention it. +- If you are reporting that a program does not work with firejail, please also + run firejail with the `--noprofile` argument. For example, if `firejail + firefox` does not work, please also run `firejail --noprofile firefox` and let us know if it runs correctly or not. - You may also try disabling various options provided in `/etc/firejail/` until you find out which one causes - problems. - It will significantly help in finding a solution for your issue. + problems. It will significantly help in finding a solution for your issue. Please note: If you are running Debian, Ubuntu, Linux Mint, or another related distribution and you installed firejail from your distro's repositories, please diff --git a/README b/README index 9833e078e..0d402a854 100644 --- a/README +++ b/README @@ -8,7 +8,7 @@ Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. Firejail also expands the restricted shell facility found in bash by adding -Linux namespace support. It supports sandboxing specific users upon login. +Linux namespace support. It supports sandboxing specific users upon login. Download: https://sourceforge.net/projects/firejail/files/ Build and install: ./configure && make && sudo make install @@ -28,7 +28,7 @@ Compile and install the mainline version from GitHub: cd firejail ./configure && make && sudo make install-strip -On Debian/Ubuntu you will need to install git and gcc. AppArmor development +On Debian/Ubuntu you will need to install git and gcc. AppArmor development libraries and pkg-config are required when using the --enable-apparmor ./configure option: diff --git a/README.md b/README.md index 05dd2a52f..09a3276e6 100644 --- a/README.md +++ b/README.md @@ -5,20 +5,24 @@ [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) -Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting -the running environment of untrusted applications using Linux namespaces, seccomp-bpf -and Linux capabilities. It allows a process and all its descendants to have their own private -view of the globally shared kernel resources, such as the network stack, process table, mount table. -Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. - -Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel -version or newer. It can sandbox any type of processes: servers, graphical applications, and even -user login sessions. The software includes sandbox profiles for a number of more common Linux programs, +Firejail is a SUID sandbox program that reduces the risk of security breaches +by restricting the running environment of untrusted applications using Linux +namespaces, seccomp-bpf and Linux capabilities. It allows a process and all +its descendants to have their own private view of the globally shared kernel +resources, such as the network stack, process table, mount table. Firejail can +work in a SELinux or AppArmor environment, and it is integrated with Linux +Control Groups. + +Written in C with virtually no dependencies, the software runs on any Linux +computer with a 3.x kernel version or newer. It can sandbox any type of +processes: servers, graphical applications, and even user login sessions. The +software includes sandbox profiles for a number of more common Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc. -The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, -no socket connections open, no daemons running in the background. All security features are -implemented directly in Linux kernel and available on any Linux computer. +The sandbox is lightweight, the overhead is low. There are no complicated +configuration files to edit, no socket connections open, no daemons running in +the background. All security features are implemented directly in Linux kernel +and available on any Linux computer. ## Videos @@ -103,7 +107,7 @@ See also : > What software is supported by the Ubuntu Security team? > > Ubuntu is currently divided into four components: main, restricted, universe -> and multiverse. All binary packages in main and restricted are supported by +> and multiverse. All binary packages in main and restricted are supported by > the Ubuntu Security team for the life of an Ubuntu release, while binary > packages in universe and multiverse are supported by the Ubuntu community. @@ -147,7 +151,7 @@ cd firejail ./configure && make && sudo make install-strip ``` -On Debian/Ubuntu you will need to install git and gcc. AppArmor development +On Debian/Ubuntu you will need to install git and gcc. AppArmor development libraries and pkg-config are required when using the `--enable-apparmor` ./configure option: @@ -171,7 +175,7 @@ firejail vlc # starting VideoLAN Client sudo firejail /etc/init.d/nginx start ``` -Run `firejail --list` in a terminal to list all active sandboxes. Example: +Run `firejail --list` in a terminal to list all active sandboxes. Example: ```console $ firejail --list @@ -191,16 +195,16 @@ firecfg --fix-sound sudo firecfg ``` -The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. -The second command integrates Firejail into your desktop. You would need to logout and login back to apply -PulseAudio changes. +The first command solves some shared memory/PID namespace bugs in PulseAudio +software prior to version 9. The second command integrates Firejail into your +desktop. You would need to logout and login back to apply PulseAudio changes. Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. -The integration applies to any program supported by default by Firejail. -There are over 900 default applications in the current Firejail version, and -the number goes up with every new release. +The integration applies to any program supported by default by Firejail. There +are over 900 default applications in the current Firejail version, and the +number goes up with every new release. We keep the application list in [src/firecfg/firecfg.config](src/firecfg/firecfg.config) @@ -290,8 +294,8 @@ Discussion: ### Profile Statistics -A small tool to print profile statistics. Compile and install as usual. -The tool is installed in the /usr/lib/firejail directory. +A small tool to print profile statistics. Compile and install as usual. The +tool is installed in the /usr/lib/firejail directory. Run it over the profiles in /etc/profiles: -- cgit v1.2.3-54-g00ecf