1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
Firejail is a SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
Pidgin, Quassel and XChat.
Firejail also expands the restricted shell facility found in bash by adding
Linux namespace support. It supports sandboxing specific users upon login.
Download: http://sourceforge.net/projects/firejail/files/
Build and install: ./configure && make && sudo make install
Documentation and support: https://l3net.wordpress.com/projects/firejail/
Development: https://github.com/netblue30/firejail
License: GPL v2
Firejail Authors:
netblue30 (netblue30@yahoo.com)
emacsomancer (https://github.com/emacsomancer)
- added profile for Conkeror browser
Daan Bakker (https://github.com/dbakker)
- protect shell startup files
Duncan Overbruck (https://github.com/Duncaen)
- musl libc fix
andrew160 (https://github.com/andrew160)
- profile fixes
Loïc Damien (https://github.com/dzamlo)
- small fixes
Matthew Gyurgyik (https://github.com/pyther)
- rpm spec and several fixes
greigdp (https://github.com/greigdp)
- add Spotify profile
Mattias Wadman (https://github.com/wader)
- seccomp errno filter support
Peter Millerchip (https://github.com/pmillerchip)
- memory allocation fix
- --private.keep to --private-home transition
- support for files and directories starting with ~ in blacklist option
- support for files and directories with spaces in blacklist option
- lots of other fixes
sarneaud (https://github.com/sarneaud)
- rewrite globbing code to fix various minor issues
- added noblacklist command for profile files
- various enhancements and bug fixes
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
- user namespace implementation
Reiner Herrmann
- a number of build patches
- man page fixes
- Debian and Ubuntu integration
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
- Patch to output "Reading profile" to stderr instead of stdout
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
- ARM support
- profile fixes
dewbasaur (https://github.com/dewbasaur)
- block access to history files
- Firefox PDF.js exploit (CVE-2015-4495) fixes
- Steam profile
Michael Haas (https://github.com/mhaas)
- bugfixes
mjudtmann (https://github.com/mjudtmann)
- lock firejail configuration in disable-mgmt.inc
iiotx (https://github.com/iiotx)
- use generic.profile by default
pstn (https://github.com/pstn)
- added install-strip, make install without strip
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
- src/lib/libnetlink.c extracted from iproute2 software package
Copyright (C) 2014, 2015 Firejail Authors
|