From 4f25023d8d6582f4b28c046d6de258b58ea53671 Mon Sep 17 00:00:00 2001 From: Fred-Barclay Date: Thu, 27 Jul 2017 07:32:12 -0500 Subject: Updates after merges --- README | 4 ++++ README.md | 28 ++++++++++++++-------------- RELNOTES | 2 +- etc/disable-programs.inc | 1 + 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/README b/README index 215bbdb9d..c37e89092 100644 --- a/README +++ b/README @@ -42,6 +42,8 @@ Committers Firejail Authors (alphabetical order) +Aidan Gauland (https://github.com/aidalgol) + - added electron and riot-web profiles Akhil Hans Maulloo (https://github.com/kouul) - xz profile Alexey Kuznetsov (kuznet@ms2.inr.ac.ru) @@ -302,6 +304,8 @@ Niklas Haas (https://github.com/haasn) - blacklisting for keybase.io's client Ondra Nekola (https://github.com/satai) - allow firefox theming with non-global themes +Panzerfather (https://github.com/Panzerfather) + - allow eog to access user's trash Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) - user namespace implementation Paupiah Yash (https://github.com/CaffeinatedStud) diff --git a/README.md b/README.md index 28e9a876c..724b2e862 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ such as Mozilla Firefox, Chromium, VLC, Transmission etc. The sandbox is lightweight, the overhead is low. There are no complicated configuration files to edit, no socket connections open, no daemons running in the background. All security features are -implemented directly in Linux kernel and available on any Linux computer. +implemented directly in Linux kernel and available on any Linux computer. [![About Firejail](video.png)](http://www.youtube.com/watch?v=Yk1HVPOeoTc) 
@@ -54,11 +54,11 @@ $ sudo firejail /etc/init.d/nginx start Run "firejail --list" in a terminal to list all active sandboxes. Example: ````` $ firejail --list -1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr -7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt -7779:netblue:/usr/bin/firejail /usr/bin/galculator -7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 -7916:netblue:firejail --list +1617:netblue:/usr/bin/firejail /usr/bin/firefox-esr +7719:netblue:/usr/bin/firejail /usr/bin/transmission-qt +7779:netblue:/usr/bin/firejail /usr/bin/galculator +7874:netblue:/usr/bin/firejail /usr/bin/vlc --started-from-file file:///home/netblue/firejail-whitelist.mp4 +7916:netblue:firejail --list ````` ## Desktop integration 
@@ -69,13 +69,13 @@ $ firecfg --fix-sound $ sudo firecfg ````` -The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. -The second command integrates Firejail into your desktop. You would need to logout and login back to apply +The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. +The second command integrates Firejail into your desktop. You would need to logout and login back to apply PulseAudio changes. -Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. -The integration applies to any program supported by default by Firejail. There are about 250 default applications -in current Firejail version, and the number goes up with every new release. +Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. +The integration applies to any program supported by default by Firejail. There are about 250 default applications +in current Firejail version, and the number goes up with every new release. We keep the application list in [/usr/lib/firejail/firecfg.config](https://github.com/netblue30/firejail/blob/master/src/firecfg/firecfg.config) file. ## Security profiles @@ -116,7 +116,7 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir ## Default seccomp list update -The following syscalls have been added: +The following syscalls have been added: afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, 
@@ -126,5 +126,5 @@ ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted b ## New profiles: -curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio - +curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, +IntelliJ IDEA, Android Studio, electron, riot-web diff --git a/RELNOTES b/RELNOTES index 860256d2a..6c4c94c6a 100644 --- a/RELNOTES +++ b/RELNOTES @@ -6,7 +6,7 @@ firejail (0.9.49) baseline; urgency=low * enhancement: default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, - * new profiles: Android Studio + * new profiles: Android Studio, electron, riot-web * bugfixes -- netblue30 Mon, 12 Jun 2017 20:00:00 -0500 diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 3c98b8ac3..0a4d4c4cb 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -47,6 +47,7 @@ blacklist ${HOME}/.config/Nylas Mail blacklist ${HOME}/.config/Qlipper blacklist ${HOME}/.config/QuiteRss blacklist ${HOME}/.config/QuiteRssrc +blacklist ${HOME}/.config/Riot blacklist ${HOME}/.config/Slack blacklist ${HOME}/.config/Thunar blacklist ${HOME}/.config/VirtualBox -- cgit v1.2.3-70-g09d2
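Review bot: In README.md, the hunks at @@ -13,7, @@ -54,11, @@ -69,13 and @@ -116,7 replace lines with text that reads identically, so they are whitespace-only edits bundled with the credit and profile-list updates. Move them to a separate cleanup commit so the content change can be audited on its own. Also check that none of the new prose lines end in two spaces, which Markdown renders as a forced line break.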
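Review bot: In etc/disable-programs.inc, the added `blacklist ${HOME}/.config/Riot` line is not paired with any profile change in this patch, so it needs a check against the riot-web profile that README and RELNOTES announce. If that profile includes disable-programs.inc, it needs a `noblacklist ${HOME}/.config/Riot` line ahead of the include; otherwise the sandboxed client is denied its own configuration directory. Please confirm that line exists in the merged profile, or add it in this commit.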