mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
0.9.36 released
This commit is contained in:
netblue30
parent
02aebde80f
commit
fd7df99c2d
1 changed files with 0 additions and 76 deletions
76
README.md
76
README.md
|
|
@ -32,79 +32,3 @@ Documentation: https://firejail.wordpress.com/documentation-2/
|
|||
|
||||
FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
|
||||
|
||||
## Development version 0.9.35
|
||||
|
||||
### The project has moved to a new home: https://firejail.wordpress.com/
|
||||
|
||||
### New security profiles:
|
||||
New profiles introduced in this version: unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat,
|
||||
google-chrome-stable, google-chrome-beta, google-chrome-unstable, opera-beta
|
||||
|
||||
### --noblacklist
|
||||
`````
|
||||
--noblacklist=dirname_or_filename
|
||||
Disable blacklist for this directory or file.
|
||||
|
||||
Example:
|
||||
$ firejail
|
||||
$ nc dict.org 2628
|
||||
bash: /bin/nc: Permission denied
|
||||
$ exit
|
||||
|
||||
$ firejail --noblacklist=/bin/nc
|
||||
$ nc dict.org 2628
|
||||
220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
|
||||
`````
|
||||
|
||||
### --whitelist
|
||||
|
||||
Whitelist command accepts files in user home, /dev, /media, /var, and /tmp directories.
|
||||
|
||||
### --tracelog
|
||||
|
||||
Tracelog command enables auditing blacklisted files and directories. A message
|
||||
is sent to syslog in case the file or the directory is accessed. Example:
|
||||
`````
|
||||
$ firejail --tracelog firefox
|
||||
`````
|
||||
Syslog example:
|
||||
`````
|
||||
$ sudo tail -f /var/log/syslog
|
||||
[...]
|
||||
Dec 3 11:43:25 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox,
|
||||
syscall open64, path /etc/shadow
|
||||
Dec 3 11:46:17 debian firejail[70]: blacklist violation - sandbox 26370, exe firefox,
|
||||
syscall opendir, path /boot
|
||||
[...]
|
||||
`````
|
||||
Tracelog is enabled by default in several profile files.
|
||||
|
||||
### --profile-path
|
||||
For various reasons some users might want to keep the profile files in
|
||||
a different directory. Using --profile-path command line option,
|
||||
Firejail can be instructed to look for profiles into this directory.
|
||||
|
||||
This is an example of relocating the profile files into a new directory,
|
||||
/home/netblue/myprofiles. Start by creating the new directory and
|
||||
copy all the profile files in:
|
||||
`````
|
||||
$ mkdir ~/myprofiles && cd ~/myprofiles && cp /etc/firejail/* .
|
||||
`````
|
||||
Using sed utility, modify the absolute paths for include commands:
|
||||
`````
|
||||
$ sed -i "s/\/etc\/firejail/\/home\/netblue\/myprofiles/g" *.profile
|
||||
$ sed -i "s/\/etc\/firejail/\/home\/netblue\/myprofiles/g" *.inc
|
||||
`````
|
||||
Start Firejail using the new path:
|
||||
`````
|
||||
$ firejail --profile-path=~/myprofiles
|
||||
`````
|
||||
|
||||
### --force
|
||||
|
||||
This option allows the user to start a sandbox inside an existing sandbox. It is mainly used for running
|
||||
Firejail inside a Docker container.
|
||||
|
||||
### Debian reproducible build
|
||||
|
||||
### Added "name" and "hostname" command support in profile files
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue