1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
|
Firejail is a SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
Pidgin, Quassel and XChat.
Firejail also expands the restricted shell facility found in bash by adding
Linux namespace support. It supports sandboxing specific users upon login.
Download: http://sourceforge.net/projects/firejail/files/
Build and install: ./configure && make && sudo make install
Documentation and support: https://firejail.wordpress.com/
Development: https://github.com/netblue30/firejail
License: GPL v2
Firejail Authors:
netblue30 (netblue30@yahoo.com)
curiosity-seeker (https://github.com/curiosity-seeker)
- tightening unbound and dnscrypt-proxy profiles
- dnsmasq profile
- okular and gwenview profiles
Matthew Gyurgyik (https://github.com/pyther)
- rpm spec and several fixes
Joan Figueras (https://github.com/figue)
- added abrowser profile
- added Google-Play-Music-Desktop-Player
Fred-Barclay (https://github.com/Fred-Barclay)
- added Vivaldi, Atril profiles
- added PaleMoon profile
- split Icedove and Thunderbird profiles
- added 0ad profile
- fixed version for .deb packages
- added Warzone2100 profile
- blacklisted VeraCrypt
- added Gpredict profile
- added Aweather, Stellarium profiles
avoidr (https://github.com/avoidr)
- whitelist fix
- recently-used.xbel fix
- added parole profile
- blacklist ncat, manpage fixes,
- hostname support in profile file
- Google Chrome profile rework
- added cmus profile
- man page fixes
- add net iface support in profile files
- paths fix
- lots of profile fixes
Petter Reinholdtsen (pere@hungry.com)
- Opera profile patch
n1trux (https://github.com/n1trux)
- fix flashpeak-slimjet profile typos
Felipe Barriga Richards (https://github.com/fbarriga)
- --private-etc fix
Alexander Stein (https://github.com/ajstein)
- added profile for qutebrowser
Benjamin Kampmann (https://github.com/ligthyear)
- Forward exit code from child process
dshmgh (https://github.com/dshmgh)
- overlayfs fix for systems with /home mounted on a separate partition
yumkam (https://github.com/yumkam)
- add compile-time option to restrict --net= to root only
- man page fixes
Vasya Novikov (https://github.com/vn971)
- Wesnoth profile
- Hedegewars profile
- manpage fixes
mahdi1234 (https://github.com/mahdi1234)
- cherrytree profile
jrabe (https://github.com/jrabe)
- disallow access to kdbx files
- Epiphany profile
- Polari profile
- qTox profile
- X11 fixes
jgriffiths (https://github.com/jgriffiths)
- make rpm packages support
Tom Mellor (https://github.com/kalegrill)
- mupen64plus profile
Martin Carpenter (https://github.com/mcarpenter)
- security audit and bug fixes
- Centos 6.x support
Aleksey Manevich (https://github.com/manevich)
- several profile fixes
- fix problem with relative path in storage_find function
- fix build for systems without bash
pszxzsd (https://github.com/pszxzsd)
-uGet profile
Rahiel Kasim (https://github.com/rahiel)
- Mathematica profile
creideiki (https://github.com/creideiki)
- make the sandbox process reap all children
sinkuu (https://github.com/sinkuu)
- blacklisting kwalletd
- fix symlink invocation for programs placing symlinks in $PATH
Bader Zaidan (https://github.com/BaderSZ)
- Telegram profile
Holger Heinz (https://github.com/hheinz)
- manpage work
Andrey Alekseenko (https://github.com/al42and)
- fixing lintian warnings
mahdi1234 (https://github.com/mahdi1234)
- Seamonkey profiles
Ivan Kozik (https://github.com/ivan)
- speed up sandbox exit
Christian Stadelmann (https://github.com/genodeftest)
- profile fixes
pirate486743186 (https://github.com/pirate486743186)
- KMail profile
Kaan Genç (https://github.com/SeriousBug)
- dynamic allocation of noblacklist buffer
Veeti Paananen (https://github.com/veeti)
- fixed Spotify profile
Rahiel Kasim (https://github.com/rahiel)
- whitelist keysnail config for firefox
Peter Hogg (https://github.com/pigmonkey)
- WeeChat profile
- rtorrent profile
rogshdo (https://github.com/rogshdo)
- BitlBee profile
Bruno Nova (https://github.com/brunonova)
- whitelist fix
- bash arguments fix
Matt Parnell (https://github.com/ilikenwf)
- whitelisting for core firefox related functionality
Andrey Alekseenko (https://github.com/al42and)
- fixed Skype profile
Ondra Nekola (https://github.com/satai)
- allow firefox theming with non-global themes
emacsomancer (https://github.com/emacsomancer)
- added profile for Conkeror browser
Daan Bakker (https://github.com/dbakker)
- protect shell startup files
Duncan Overbruck (https://github.com/Duncaen)
- musl libc fix
- utmp fix
andrew160 (https://github.com/andrew160)
- profile and man pages fixes
Loïc Damien (https://github.com/dzamlo)
- small fixes
greigdp (https://github.com/greigdp)
- add Spotify profile
Mattias Wadman (https://github.com/wader)
- seccomp errno filter support
Peter Millerchip (https://github.com/pmillerchip)
- memory allocation fix
- --private.keep to --private-home transition
- support for files and directories starting with ~ in blacklist option
- support for files and directories with spaces in blacklist option
- lots of other fixes
sarneaud (https://github.com/sarneaud)
- rewrite globbing code to fix various minor issues
- added noblacklist command for profile files
- various enhancements and bug fixes
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
- user namespace implementation
Reiner Herrmann
- a number of build patches
- man page fixes
- Debian and Ubuntu integration
- clang-analyzer fixes
- Debian reproducible build
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
- Patch to output "Reading profile" to stderr instead of stdout
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
- ARM support
- profile fixes
dewbasaur (https://github.com/dewbasaur)
- block access to history files
- Firefox PDF.js exploit (CVE-2015-4495) fixes
- Steam profile
Michael Haas (https://github.com/mhaas)
- bugfixes
mjudtmann (https://github.com/mjudtmann)
- lock firejail configuration in disable-mgmt.inc
iiotx (https://github.com/iiotx)
- use generic.profile by default
pstn (https://github.com/pstn)
- added install-strip, make install without strip
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
- src/lib/libnetlink.c extracted from iproute2 software package
Copyright (C) 2014-2016 Firejail Authors
|
