From 3a39024f43b4d77b6545881d91c9fd04f94e9204 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 8 Dec 2021 12:39:31 -0500 Subject: updates --- RELNOTES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 5d276e376..0136b3b04 100644 --- a/RELNOTES +++ b/RELNOTES @@ -15,7 +15,7 @@ firejail (0.9.67) baseline; urgency=low * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl * new profiles: yt-dlp, goldendict, goldendict, bundle, cmake * new profiles: make, meson, pip, codium, telnet, ftp, OpenStego - * new profiles: imv, retroarch, torbrowser + * new profiles: imv, retroarch, torbrowser, CachyBrowser -- netblue30 Thu, 29 Jul 2021 09:00:00 -0500 firejail (0.9.66) baseline; urgency=low -- cgit v1.2.3-70-g09d2 From 94752c304a4d63d475ed378ae9a1d8ddb2bdebe7 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 11 Dec 2021 14:44:58 -0300 Subject: RELNOTES: add noprinters command As mentioned by @rusty-snake: https://github.com/netblue30/firejail/discussions/4770#discussioncomment-1784210 Relates to #4607. --- RELNOTES | 1 + 1 file changed, 1 insertion(+) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 0136b3b04..ac54619ee 100644 --- a/RELNOTES +++ b/RELNOTES @@ -4,6 +4,7 @@ firejail (0.9.67) baseline; urgency=low * intrusion detection system (--ids-init, --ids-check) * deterministic shutdown (--deterministic-exit-code, --deterministic-shutdown) + * noprinters command (#4607) * build: firecfg.config is now installed to /etc/firejail/ (#4669) * deprecated --disable-whitelist at compile time * deprecated whitelist=yes/no in /etc/firejail/firejail.config -- cgit v1.2.3-70-g09d2 From 201a229e9768887ef8c05c17d0b4d39a00ee8af0 Mon Sep 17 00:00:00 2001 
From: "Kelvin M. Klann" Date: Sat, 11 Dec 2021 16:29:45 -0300 Subject: RELNOTES: add missing pull request references Relates to #4510 #4533 #4599 #4635. --- RELNOTES | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index ac54619ee..7b5ff9775 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,14 +1,14 @@ firejail (0.9.67) baseline; urgency=low * work in progress - * exit code: distinguish fatal signals by adding 128 + * exit code: distinguish fatal signals by adding 128 (#4533) * intrusion detection system (--ids-init, --ids-check) * deterministic shutdown (--deterministic-exit-code, - --deterministic-shutdown) + --deterministic-shutdown) (#4635) * noprinters command (#4607) * build: firecfg.config is now installed to /etc/firejail/ (#4669) * deprecated --disable-whitelist at compile time * deprecated whitelist=yes/no in /etc/firejail/firejail.config - * new condition: ALLOW_TRAY + * new condition: ALLOW_TRAY (#4510 #4599) * remove (some) environment variables with auth-tokens * new includes: whitelist-run-common.inc, disable-X11.inc * removed includes: disable-passwordmgr.inc -- cgit v1.2.3-70-g09d2 From 571696580a8312a4a7887b445011483160ff4660 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 11 Dec 2021 19:04:50 -0300 Subject: RELNOTES: add more missing pr/issue references Relates to #4157 #4288 #4461 #4462. --- RELNOTES | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 7b5ff9775..798eeb92c 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -9,9 +9,9 @@ firejail (0.9.67) baseline; urgency=low * deprecated --disable-whitelist at compile time * deprecated whitelist=yes/no in /etc/firejail/firejail.config * new condition: ALLOW_TRAY (#4510 #4599) - * remove (some) environment variables with auth-tokens - * new includes: whitelist-run-common.inc, disable-X11.inc - * removed includes: disable-passwordmgr.inc + * remove (some) environment variables with auth-tokens (#4157) + * new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) + * removed includes: disable-passwordmgr.inc (#4461) * new profiles: microsoft-edge-beta, clion-eap, lifeograph, zim * new profiles: io.github.lainsce.Notejot, rednotebook, gallery-dl * new profiles: yt-dlp, goldendict, goldendict, bundle, cmake -- cgit v1.2.3-70-g09d2 From c7948c6c723dc33d992978572f8404e6462c9a6d Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 11 Dec 2021 17:07:00 -0300 Subject: RELNOTES: s/deprecated/removed/ As far as I know, to "deprecate" something usually means the following: * It should not be used anymore * It still works (even if it may not work 100%) * It may be removed in a future release But the features mentioned on RELNOTES were actually removed; see commit c08414fdb ("deprecated --disable-whitelist at compile time", 2021-07-03) and commit c32924b82 ("deprecated whitelist=yes/no in /etc/firejail/firejail.config", 2021-07-04). So to avoid confusion, just say that they were removed. --- RELNOTES | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index 798eeb92c..e16099b39 100644 --- a/RELNOTES +++ b/RELNOTES 
@@ -6,8 +6,8 @@ firejail (0.9.67) baseline; urgency=low --deterministic-shutdown) (#4635) * noprinters command (#4607) * build: firecfg.config is now installed to /etc/firejail/ (#4669) - * deprecated --disable-whitelist at compile time - * deprecated whitelist=yes/no in /etc/firejail/firejail.config + * removed --disable-whitelist at compile time + * removed whitelist=yes/no in /etc/firejail/firejail.config * new condition: ALLOW_TRAY (#4510 #4599) * remove (some) environment variables with auth-tokens (#4157) * new includes: whitelist-run-common.inc (#4288), disable-X11.inc (#4462) -- cgit v1.2.3-70-g09d2 From e9843593cbf107de641801bd9871c357e967dc99 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 28 Dec 2021 12:19:44 -0500 Subject: nettrace --- .gitignore | 1 + README.md | 18 ++++++++++++++++++ RELNOTES | 1 + src/firejail/usage.c | 1 + src/man/firejail.txt | 23 +++++++++++++++++++++++ 5 files changed, 44 insertions(+) (limited to 'RELNOTES') diff --git a/.gitignore b/.gitignore index ace86f218..29e0b63d6 100644 --- a/.gitignore +++ b/.gitignore @@ -43,6 +43,7 @@ src/profstats/profstats src/bash_completion/firejail.bash_completion src/zsh_completion/_firejail src/jailcheck/jailcheck +src/fnettrace/fnettrace uids.h seccomp seccomp.debug diff --git a/README.md b/README.md index b16b55d6a..e52a02d34 100644 --- a/README.md +++ b/README.md 
@@ -296,6 +296,24 @@ INTRUSION DETECTION SYSTEM (IDS) as it contains running processes. ````` +### Network Monitor +````` + --nettrace=name|pid + Monitor TCP and UDP traffic coming into the sandbox specified by + name or pid. Only networked sandboxes created with --net are + supported. + + $ firejail --nettrace=browser + 9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec + 72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec + 80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec + 69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec + 140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec + + (14 streams in the last one minute) + +````` + ### Profile Statistics A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory. diff --git a/RELNOTES b/RELNOTES index e16099b39..d0211ce27 100644 --- a/RELNOTES +++ b/RELNOTES @@ -5,6 +5,7 @@ firejail (0.9.67) baseline; urgency=low * deterministic shutdown (--deterministic-exit-code, --deterministic-shutdown) (#4635) * noprinters command (#4607) + * network monitor (--nettrace) * build: firecfg.config is now installed to /etc/firejail/ (#4669) * removed --disable-whitelist at compile time * removed whitelist=yes/no in /etc/firejail/firejail.config diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 4a0f05528..b993cb80c 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c @@ -150,6 +150,7 @@ static char *usage_str = "\tparent interfaces.\n" " --netns=name - Run the program in a named, persistent network namespace.\n" " --netstats - monitor network statistics.\n" + " --nettrace - monitor TCP and UDP traffic coming into the sandbox.\n" #endif " --nice=value - set nice value.\n" " --no3d - disable 3D hardware acceleration.\n" diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 09e7165a7..b366fed7c 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt 
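Review bot: The usage line added to `usage_str` in src/firejail/usage.c lists the option as bare `--nettrace`, but the README.md and src/man/firejail.txt hunks of this same commit document it as `--nettrace=name|pid`. Neighbouring entries such as `--netns=name` and `--nice=value` show their argument, so the help output should too: `" --nettrace=name|pid - monitor TCP and UDP traffic coming into the sandbox.\n"`. Since the man page says only sandboxes created with `--net` are supported, a short mention of that in the help text would tell users why the option does nothing on a non-networked sandbox. `usage_str` starts and ends outside this hunk, so the surrounding `#ifdef` guard cannot be confirmed from here.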
@@ -1479,6 +1479,29 @@ PID User RX(KB/s) TX(KB/s) Command 1294 netblue 53.355 1.473 firejail \-\-net=eth0 firefox .br 7383 netblue 9.045 0.112 firejail \-\-net=eth0 transmission +.TP +\fB\-\-nettrace=name|pid +Monitor TCP and UDP traffic coming into the sandbox specified by name or pid. Only networked sandboxes +created with \-\-net are supported. +.br + +.br +$ firejail --nettrace=browser +.br +9.9.9.9:53 => 192.168.1.60 UDP: 122 B/sec +.br +72.21.91.29:80 => 192.168.1.60 TCP: 257 B/sec +.br +80.92.126.65:123 => 192.168.1.60 UDP: 25 B/sec +.br +69.30.241.50:443 => 192.168.1.60 TCP: 88 KB/sec +.br +140.82.112.4:443 => 192.168.1.60 TCP: 1861 B/sec +.br + +.br +(14 streams in the last one minute) + #endif .TP \fB\-\-nice=value -- cgit v1.2.3-70-g09d2