mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-21 06:45:29 -06:00
56 lines
2.4 KiB
Text
56 lines
2.4 KiB
Text
Firejail is a SUID sandbox program that reduces the risk of security
|
|
breaches by restricting the running environment of untrusted applications
|
|
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
|
|
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
|
|
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
|
|
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
|
|
Pidgin, Quassel and XChat.
|
|
|
|
Firejail also expands the restricted shell facility found in bash by adding
|
|
Linux namespace support. It supports sandboxing specific users upon login.
|
|
|
|
Download: http://sourceforge.net/projects/firejail/files/
|
|
Build and install: ./configure && make && sudo make install
|
|
Documentation and support: https://l3net.wordpress.com/projects/firejail/
|
|
Development: https://github.com/netblue30/firejail
|
|
License: GPL v2
|
|
|
|
Firejail Authors:
|
|
|
|
netblue30 (netblue30@yahoo.com)
|
|
greigdp (https://github.com/greigdp)
|
|
- add Spotify profile
|
|
Mattias Wadman (https://github.com/wader)
|
|
- seccomp errno filter support
|
|
Peter Millerchip (https://github.com/pmillerchip)
|
|
- memory allocation fix
|
|
- --private.keep to --private-home transition
|
|
- support for files and directories starting with ~ in blacklist option
|
|
- support for files and directories with spaces in blacklist option
|
|
- lots of other fixes
|
|
sarneaud (https://github.com/sarneaud)
|
|
- rewrite globbing code to fix various minor issues
|
|
- added noblacklist command for profile files
|
|
- various enhancements and bug fixes
|
|
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
|
|
- user namespace implementation
|
|
Reiner Herrmann - a number of build patches, man page fixes, Debian integration
|
|
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
|
|
- Patch to output "Reading profile" to stderr instead of stdout
|
|
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
|
|
- ARM support
|
|
dewbasaur (https://github.com/dewbasaur)
|
|
- block access to history files
|
|
- Firefox PDF.js exploit (CVE-2015-4495) fixes
|
|
Michael Haas (https://github.com/mhaas)
|
|
- bugfixes
|
|
mjudtmann (https://github.com/mjudtmann)
|
|
- lock firejail configuration in disable-mgmt.inc
|
|
iiotx (https://github.com/iiotx)
|
|
- use generic.profile by default
|
|
pstn (https://github.com/pstn)
|
|
- added install-strip, make install without strip
|
|
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
|
|
- src/lib/libnetlink.c extracted from iproute2 software package
|
|
|
|
Copyright (C) 2014, 2015 Firejail Authors
|