Firejail Feature Testing

N - normal user filesystem
O - overlay filesystem
C - chroot filesystem



1. Default features (tesing with --noprofile)

1.1 disable /boot
	- N, O, C

1.2 new /proc
	- N, O, C

1.3 new /sys
	- N, O fails remount, C fails remount

1.4 mask other users
	- home directory: N, O, C
	- /etc/passwd: N, O, C to test
	- /etc/group: N, O, C to test

1.5 PID namespace
	- N, O, C

1.6 new /var/log
	- N, O, C

1.7 new /var/tmp
	-N, O, C

1.8 disable /etc/firejail and ~/.config/firejail
	-N, O, C

1.9 mount namespace

1.10 disable /selinux
	- N, O, C



2. Networking features

2.1 Hostname (use --hostname=newhostname, do a ping and cat /etc/hostname)
	- N, O, C
	- ping disabled for C by default seccomp filter, use "getent hosts bingo"

2.2 DNS (use --dns=4.2.2.1, use "dig google.com")
	- N, O, C

2.3 mac-vlan (use --net=eth0 and --noprofile; run ifconfig and dig google.com)
	- N, O, C
	- test --ip: N, O, C

2.4 bridge (use --net=br0 and --noprofile; run ifconfig, netstat -rn, ping default gw)
	- N, O, C
	- ping disabled for C by default seccomp filter - transfer test not implemented for C
	- test --ip: N, O, C

2.5 interface
	- N, O, C

2.6 Default gw (--noprofile --net=eth0 --defaultgw=192.168.1.10, run netstat -rn)
	- N, O, C



3. Filesystem features (use --noprofile)

3.1 tmpfs
3.2 read-only
3.3 blacklist
3.4 whitelist