- profiles: Atom Beta, Atom, jitsi, eom, uudeview
- profiles: pix, audacity, xz, xzdec, gzip, cpio, less
- profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
- run time: enable/disable chroot desktop features (chroot-desktop yes/no)
- run time: enable/disable remounting of /proc and /sys
- run time: enable/disable whitelisting (whitelist yes/no)
- run time: user-defined network filter (netfilter-default)
- run time: enable/disable quiet as default (quiet-by-default yes/no)
- run time: enable/disable overlayfs (overlayfs yes/no)
- compile time: disable global config (--disable-globalcfg)
- compile time: disable whitelisting (--disable-whitelist)
- compile time: disable overlayfs (--disable-overlayfs)
- compile time: Busybox support (--enable-busybox-workaround)
- feature: option to fix desktop files (firecfg --fix)
- feature: allow debugging inside the sandbox with gdb and strace
- feature: store and reuse overlay (--overlay-named)
- feature: clean local overlay storage directory (--overlay-clean)
- feature: remove environment variable (--rmenv)
- feature: Sandbox auditing support (--audit)
- feature: Ubuntu snap support (/etc/firejail/snap.profile)
- modifs: include /dev/snd in --private-dev
- modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
- modifs: allow symlinks in home directory for --whitelist option
- modifs: deprecated --user option, please use "sudo -u username firejail"
- modifs: bringing back --private-home option
- security: several TOCTOU fixes submitted by Aleksey Manevich
- security: terminal sandbox escape, submitted by Stephan Sokolow
- security: tighten --chroot, submitted by Jann Horn
- security: disable x32 ABI in seccomp, submitted by Jann Horn
- security: --whitelist deleted files, submitted by Vasya Novikov
- new profiles: Flowblade, Eye of GNOME (eog), Evolution
- new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
- new profiles: feh, ranger, zathura, 7z, keepass, keepassx,
- new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
- feature: accept wildcard patterns in user name field of restricted
- feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
- feature: disable 3D hardware acceleration (--no3d)
- feature: X11 security extension (--x11=xorg)
- feature: add files to sandbox container (--put)
- feature: all user home directories are visible (--allusers)
- feature: assign a name to the interface connected to the bridge
- feature: X11 detection support for --audit
- feature: support starting/joining sandbox in a single command
- feature: allow user access to /sys/fs (--noblacklist=/sys/fs)
- modifs: Nvidia drivers added to --private-dev
- modifs: --private-tmp whitelists /tmp/.X11-unix directory
- CVE-2016-7545 submitted by Aleksey Manevich
- fixing broken PulseAudio support in previous release

It includes a sandbox profile for Mozilla Firefox.

Firejail-0.9.44.10-1 RPM for x86_64

From SourceForge

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications