1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
Firejail is a SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
Pidgin, Quassel and XChat.
Firejail also expands the restricted shell facility found in bash by adding
Linux namespace support. It supports sandboxing specific users upon login.
Download: http://sourceforge.net/projects/firejail/files/
Build and install: ./configure && make && sudo make install
Documentation and support: https://firejail.wordpress.com/
Development: https://github.com/netblue30/firejail
License: GPL v2
Firejail Authors:
netblue30 (netblue30@yahoo.com)
Fred-Barclay (https://github.com/Fred-Barclay)
- added Vivaldi, Atril profiles
yumkam (https://github.com/yumkam)
- add compile-time option to restrict --net= to root only
- man page fixes
Vasya Novikov (https://github.com/vn971)
- Wesnoth profile
- Hedegewars profile
- manpage fixes
mahdi1234 (https://github.com/mahdi1234)
- cherrytree profile
jrabe (https://github.com/jrabe)
- disallow access to kdbx files
- Epiphany profile
- Polari profile
jgriffiths (https://github.com/jgriffiths)
- make rpm packages support
Tom Mellor (https://github.com/kalegrill)
- mupen64plus profile
Martin Carpenter (https://github.com/mcarpenter)
- security audit and bug fixes
- Centos 6.x support
Aleksey Manevich (https://github.com/manevich)
- several profile fixes
- fix problem with relative path in storage_find function
- fix build for systems without bash
pszxzsd (https://github.com/pszxzsd)
-uGet profile
Rahiel Kasim (https://github.com/rahiel)
- Mathematica profile
creideiki (https://github.com/creideiki)
- make the sandbox process reap all children
curiosity-seeker (https://github.com/curiosity-seeker)
- tightening unbound and dnscrypt-proxy profiles
sinkuu (https://github.com/sinkuu)
- blacklisting kwalletd
- fix symlink invocation for programs placing symlinks in $PATH
Bader Zaidan (https://github.com/BaderSZ)
- Telegram profile
Holger Heinz (https://github.com/hheinz)
- manpage work
Andrey Alekseenko (https://github.com/al42and)
- fixing lintian warnings
mahdi1234 (https://github.com/mahdi1234)
- Seamonkey profiles
Ivan Kozik (https://github.com/ivan)
- speed up sandbox exit
Christian Stadelmann (https://github.com/genodeftest)
- profile fixes
pirate486743186 (https://github.com/pirate486743186)
- KMail profile
Kaan Genç (https://github.com/SeriousBug)
- dynamic allocation of noblacklist buffer
Veeti Paananen (https://github.com/veeti)
- fixed Spotify profile
Rahiel Kasim (https://github.com/rahiel)
- whitelist keysnail config for firefox
Peter Hogg (https://github.com/pigmonkey)
- WeeChat profile
- rtorrent profile
rogshdo (https://github.com/rogshdo)
- BitlBee profile
avoidr (https://github.com/avoidr)
- whitelist fix
- recently-used.xbel fix
- added parole profile
- blacklist ncat, manpage fixes,
- hostname support in profile file
- Google Chrome profile rework
Bruno Nova (https://github.com/brunonova)
- whitelist fix
- bash arguments fix
Matt Parnell (https://github.com/ilikenwf)
- whitelisting for core firefox related functionality
Andrey Alekseenko (https://github.com/al42and)
- fixed Skype profile
Ondra Nekola (https://github.com/satai)
- allow firefox theming with non-global themes
emacsomancer (https://github.com/emacsomancer)
- added profile for Conkeror browser
Daan Bakker (https://github.com/dbakker)
- protect shell startup files
Duncan Overbruck (https://github.com/Duncaen)
- musl libc fix
- utmp fix
andrew160 (https://github.com/andrew160)
- profile and man pages fixes
Loïc Damien (https://github.com/dzamlo)
- small fixes
Matthew Gyurgyik (https://github.com/pyther)
- rpm spec and several fixes
greigdp (https://github.com/greigdp)
- add Spotify profile
Mattias Wadman (https://github.com/wader)
- seccomp errno filter support
Peter Millerchip (https://github.com/pmillerchip)
- memory allocation fix
- --private.keep to --private-home transition
- support for files and directories starting with ~ in blacklist option
- support for files and directories with spaces in blacklist option
- lots of other fixes
sarneaud (https://github.com/sarneaud)
- rewrite globbing code to fix various minor issues
- added noblacklist command for profile files
- various enhancements and bug fixes
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
- user namespace implementation
Reiner Herrmann
- a number of build patches
- man page fixes
- Debian and Ubuntu integration
- clang-analyzer fixes
- Debian reproducible build
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
- Patch to output "Reading profile" to stderr instead of stdout
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
- ARM support
- profile fixes
dewbasaur (https://github.com/dewbasaur)
- block access to history files
- Firefox PDF.js exploit (CVE-2015-4495) fixes
- Steam profile
Michael Haas (https://github.com/mhaas)
- bugfixes
mjudtmann (https://github.com/mjudtmann)
- lock firejail configuration in disable-mgmt.inc
iiotx (https://github.com/iiotx)
- use generic.profile by default
pstn (https://github.com/pstn)
- added install-strip, make install without strip
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
- src/lib/libnetlink.c extracted from iproute2 software package
Copyright (C) 2014-2016 Firejail Authors
|
