mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-15 14:16:14 -06:00
137 lines
4.9 KiB
Text
137 lines
4.9 KiB
Text
Firejail is a SUID sandbox program that reduces the risk of security
|
|
breaches by restricting the running environment of untrusted applications
|
|
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
|
|
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
|
|
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
|
|
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
|
|
Pidgin, Quassel and XChat.
|
|
|
|
Firejail also expands the restricted shell facility found in bash by adding
|
|
Linux namespace support. It supports sandboxing specific users upon login.
|
|
|
|
Download: http://sourceforge.net/projects/firejail/files/
|
|
Build and install: ./configure && make && sudo make install
|
|
Documentation and support: https://firejail.wordpress.com/
|
|
Development: https://github.com/netblue30/firejail
|
|
License: GPL v2
|
|
|
|
Firejail Authors:
|
|
|
|
netblue30 (netblue30@yahoo.com)
|
|
Tom Mellor (https://github.com/kalegrill)
|
|
- mupen64plus profile
|
|
Martin Carpenter (https://github.com/mcarpenter)
|
|
- security audit and bug fixes
|
|
- Centos 6.x support
|
|
Aleksey Manevich (https://github.com/manevich)
|
|
- several profile fixes
|
|
pszxzsd (https://github.com/pszxzsd)
|
|
-uGet profile
|
|
Rahiel Kasim (https://github.com/rahiel)
|
|
- Mathematica profile
|
|
creideiki (https://github.com/creideiki)
|
|
- make the sandbox process reap all children
|
|
curiosity-seeker (https://github.com/curiosity-seeker)
|
|
- tightening unbound and dnscrypt-proxy profiles
|
|
sinkuu (https://github.com/sinkuu)
|
|
- blacklisting kwalletd
|
|
- fix symlink invocation for programs placing symlinks in $PATH
|
|
Bader Zaidan (https://github.com/BaderSZ)
|
|
- Telegram profile
|
|
Holger Heinz (https://github.com/hheinz)
|
|
- manpage work
|
|
Andrey Alekseenko (https://github.com/al42and)
|
|
- fixing lintian warnings
|
|
mahdi1234 (https://github.com/mahdi1234)
|
|
- Seamonkey profiles
|
|
Ivan Kozik (https://github.com/ivan)
|
|
- speed up sandbox exit
|
|
Christian Stadelmann (https://github.com/genodeftest)
|
|
- profile fixes
|
|
pirate486743186 (https://github.com/pirate486743186)
|
|
- KMail profile
|
|
Kaan Genç (https://github.com/SeriousBug)
|
|
- dynamic allocation of noblacklist buffer
|
|
jrabe (https://github.com/jrabe)
|
|
- disallow access to kdbx files
|
|
Veeti Paananen (https://github.com/veeti)
|
|
- fixed Spotify profile
|
|
Rahiel Kasim (https://github.com/rahiel)
|
|
- whitelist keysnail config for firefox
|
|
Peter Hogg (https://github.com/pigmonkey)
|
|
- WeeChat profile
|
|
- rtorrent profile
|
|
rogshdo (https://github.com/rogshdo)
|
|
- BitlBee profile
|
|
avoidr (https://github.com/avoidr)
|
|
- whitelist fix
|
|
- recently-used.xbel fix
|
|
- added parole profile
|
|
- blacklist ncat, manpage fixes,
|
|
- hostname support in profile file
|
|
- Google Chrome profile rework
|
|
Bruno Nova (https://github.com/brunonova)
|
|
- whitelist fix
|
|
- bash arguments fix
|
|
Matt Parnell (https://github.com/ilikenwf)
|
|
- whitelisting for core firefox related functionality
|
|
Andrey Alekseenko (https://github.com/al42and)
|
|
- fixed Skype profile
|
|
Ondra Nekola (https://github.com/satai)
|
|
- allow firefox theming with non-global themes
|
|
emacsomancer (https://github.com/emacsomancer)
|
|
- added profile for Conkeror browser
|
|
Daan Bakker (https://github.com/dbakker)
|
|
- protect shell startup files
|
|
Duncan Overbruck (https://github.com/Duncaen)
|
|
- musl libc fix
|
|
- utmp fix
|
|
andrew160 (https://github.com/andrew160)
|
|
- profile fixes
|
|
Loïc Damien (https://github.com/dzamlo)
|
|
- small fixes
|
|
Matthew Gyurgyik (https://github.com/pyther)
|
|
- rpm spec and several fixes
|
|
greigdp (https://github.com/greigdp)
|
|
- add Spotify profile
|
|
Mattias Wadman (https://github.com/wader)
|
|
- seccomp errno filter support
|
|
Peter Millerchip (https://github.com/pmillerchip)
|
|
- memory allocation fix
|
|
- --private.keep to --private-home transition
|
|
- support for files and directories starting with ~ in blacklist option
|
|
- support for files and directories with spaces in blacklist option
|
|
- lots of other fixes
|
|
sarneaud (https://github.com/sarneaud)
|
|
- rewrite globbing code to fix various minor issues
|
|
- added noblacklist command for profile files
|
|
- various enhancements and bug fixes
|
|
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
|
|
- user namespace implementation
|
|
Reiner Herrmann
|
|
- a number of build patches
|
|
- man page fixes
|
|
- Debian and Ubuntu integration
|
|
- clang-analyzer fixes
|
|
- Debian reproducible build
|
|
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
|
|
- Patch to output "Reading profile" to stderr instead of stdout
|
|
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
|
|
- ARM support
|
|
- profile fixes
|
|
dewbasaur (https://github.com/dewbasaur)
|
|
- block access to history files
|
|
- Firefox PDF.js exploit (CVE-2015-4495) fixes
|
|
- Steam profile
|
|
Michael Haas (https://github.com/mhaas)
|
|
- bugfixes
|
|
mjudtmann (https://github.com/mjudtmann)
|
|
- lock firejail configuration in disable-mgmt.inc
|
|
iiotx (https://github.com/iiotx)
|
|
- use generic.profile by default
|
|
pstn (https://github.com/pstn)
|
|
- added install-strip, make install without strip
|
|
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
|
|
- src/lib/libnetlink.c extracted from iproute2 software package
|
|
|
|
Copyright (C) 2014-2016 Firejail Authors
|