From 8fd8fe3035f6ee353430032d0079420d4bfeaf2f Mon Sep 17 00:00:00 2001 From: netblue30 Date: Fri, 5 Feb 2016 07:52:41 -0500 Subject: 0.9.38 released --- README.md | 93 +-------------------------------------------------------------- 1 file changed, 1 insertion(+), 92 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 812ad4008..3addca694 100644 --- a/README.md +++ b/README.md 
@@ -32,96 +32,5 @@ Documentation: https://firejail.wordpress.com/documentation-2/ FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/ -# Current development version: 0.9.37 - -## Symlink invocation - -This is a small thing, but very convenient. Make a symbolic link (ln -s) to /usr/bin/firejail under -the name of the program you want to run, and put the link in the first $PATH position (for -example in /usr/local/bin). Example: -````` -$ which -a transmission-gtk -/usr/bin/transmission-gtk - -$ sudo ln -s /usr/bin/firejail /usr/local/bin/transmission-gtk - -$ which -a transmission-gtk -/usr/local/bin/transmission-gtk -/usr/bin/transmission-gtk -````` -We have in this moment two entries in $PATH for transmission. The first one is a symlink to firejail. -The second one is the real program. Starting transmission in this moment, invokes "firejail transmission-gtk" -````` -$ transmission-gtk -Redirecting symlink to /usr/bin/transmission-gtk -Reading profile /etc/firejail/transmission-gtk.profile -Reading profile /etc/firejail/disable-mgmt.inc -Reading profile /etc/firejail/disable-secret.inc -Reading profile /etc/firejail/disable-common.inc -Reading profile /etc/firejail/disable-devel.inc -Parent pid 19343, child pid 19344 -Blacklist violations are logged to syslog -Child process initialized -````` - - -## IPv6 support: -````` - --ip6=address - Assign IPv6 addresses to the last network interface defined by a - --net option. - - Example: - $ firejail --net=eth0 --ip6=2001:0db8:0:f101::1/64 firefox - - --netfilter6=filename - Enable the IPv6 network filter specified by filename in the new - network namespace. The filter file format is the format of - ip6tables-save and ip6table-restore commands. New network - namespaces are created using --net option. If a new network - namespaces is not created, --netfilter6 option does nothing. 
- -````` - -## join command enhancements - -````` - --join-filesystem=name - Join the mount namespace of the sandbox identified by name. By - default a /bin/bash shell is started after joining the sandbox. - If a program is specified, the program is run in the sandbox. - This command is available only to root user. Security filters, - cgroups and cpus configurations are not applied to the process - joining the sandbox. - - --join-filesystem=pid - Join the mount namespace of the sandbox identified by process - ID. By default a /bin/bash shell is started after joining the - sandbox. If a program is specified, the program is run in the - sandbox. This command is available only to root user. Security - filters, cgroups and cpus configurations are not applied to the - process joining the sandbox. - - --join-network=name - Join the network namespace of the sandbox identified by name. By - default a /bin/bash shell is started after joining the sandbox. - If a program is specified, the program is run in the sandbox. - This command is available only to root user. Security filters, - cgroups and cpus configurations are not applied to the process - joining the sandbox. - - --join-network=pid - Join the network namespace of the sandbox identified by process - ID. By default a /bin/bash shell is started after joining the - sandbox. If a program is specified, the program is run in the - sandbox. This command is available only to root user. Security - filters, cgroups and cpus configurations are not applied to the - process joining the sandbox. - -````` - - -## New profiles: KMail - - +# Current development version: 0.9.39 -- cgit v1.2.3-54-g00ecf
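Review bot: The removed `--join-filesystem` and `--join-network` entries under "join command enhancements" are the only place in this diff that states these commands are available only to root and that "Security filters, cgroups and cpus configurations are not applied to the process joining the sandbox". Please confirm that caveat is preserved in the man page or release notes before it is dropped from the README, since it is what tells an administrator that a joined process is not confined the way the sandboxed program is. The same goes for the `--netfilter6` remark that the option does nothing unless a new network namespace is created with `--net`. Separately, the subject says "0.9.38 released" while the only version strings in the hunk go from 0.9.37 to 0.9.39; a line in the commit message saying that the README heading tracks the next development version would remove the ambiguity. The new "# Current development version: 0.9.39" heading is also left with nothing under it.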