diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ecc5be3042b..4a7998e879e 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -7,7 +7,7 @@ following: - The ordering of options follow the rules described in [etc/templates/profile.template](../blob/master/etc/templates/profile.template) (/usr/share/doc/firejail/profile.template when installed). -- Order the arguments of options alphabetically. You can easily do this with +- Order the arguments of options alphabetically. You can easily do this with [sort.py](../blob/master/contrib/sort.py). The path to it depends on your distro: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ebc4d3a2064..1ae29326436 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -15,17 +15,18 @@ a comment in our dedicated issue: When submitting a bug report, please provide the following information so that we can handle the report more easily: -- firejail version. If you're not sure, open a terminal and type `firejail --version`. +- firejail version. If you're not sure, open a terminal and type `firejail + --version`. - Linux distribution (so that we can try to reproduce it, if necessary). -- If you know that the problem did not exist in an earlier version of firejail, please mention it. -- If you are reporting that a program does not work with firejail, please also run firejail with - the `--noprofile` argument. - For example, if `firejail firefox` does not work, please also run `firejail --noprofile firefox` and +- If you know that the problem did not exist in an earlier version of firejail, + please mention it. +- If you are reporting that a program does not work with firejail, please also + run firejail with the `--noprofile` argument. For example, if `firejail + firefox` does not work, please also run `firejail --noprofile firefox` and let us know if it runs correctly or not. - You may also try disabling various options provided in `/etc/firejail/` until you find out which one causes - problems. - It will significantly help in finding a solution for your issue. + problems. It will significantly help in finding a solution for your issue. Please note: If you are running Debian, Ubuntu, Linux Mint, or another related distribution and you installed firejail from your distro's repositories, please diff --git a/README b/README index 9833e078ee1..0d402a85425 100644 --- a/README +++ b/README 
@@ -8,7 +8,7 @@ Clementine, Rhythmbox, Totem, Deluge, qBittorrent, DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove, Pidgin, Quassel, and XChat. Firejail also expands the restricted shell facility found in bash by adding -Linux namespace support. It supports sandboxing specific users upon login. +Linux namespace support. It supports sandboxing specific users upon login. Download: https://sourceforge.net/projects/firejail/files/ Build and install: ./configure && make && sudo make install @@ -28,7 +28,7 @@ Compile and install the mainline version from GitHub: cd firejail ./configure && make && sudo make install-strip -On Debian/Ubuntu you will need to install git and gcc. AppArmor development +On Debian/Ubuntu you will need to install git and gcc. AppArmor development libraries and pkg-config are required when using the --enable-apparmor ./configure option: diff --git a/README.md b/README.md index 05dd2a52f51..09a3276e696 100644 --- a/README.md +++ b/README.md 
@@ -5,20 +5,24 @@ [![CodeQL CI](https://github.com/netblue30/firejail/workflows/CodeQL/badge.svg)](https://github.com/netblue30/firejail/actions?query=workflow%3ACodeQL) [![Packaging status (Repology)](https://repology.org/badge/tiny-repos/firejail.svg)](https://repology.org/project/firejail/versions) -Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting -the running environment of untrusted applications using Linux namespaces, seccomp-bpf -and Linux capabilities. It allows a process and all its descendants to have their own private -view of the globally shared kernel resources, such as the network stack, process table, mount table. -Firejail can work in a SELinux or AppArmor environment, and it is integrated with Linux Control Groups. - -Written in C with virtually no dependencies, the software runs on any Linux computer with a 3.x kernel -version or newer. It can sandbox any type of processes: servers, graphical applications, and even -user login sessions. The software includes sandbox profiles for a number of more common Linux programs, +Firejail is a SUID sandbox program that reduces the risk of security breaches +by restricting the running environment of untrusted applications using Linux +namespaces, seccomp-bpf and Linux capabilities. It allows a process and all +its descendants to have their own private view of the globally shared kernel +resources, such as the network stack, process table, mount table. Firejail can +work in a SELinux or AppArmor environment, and it is integrated with Linux +Control Groups. + +Written in C with virtually no dependencies, the software runs on any Linux +computer with a 3.x kernel version or newer. It can sandbox any type of +processes: servers, graphical applications, and even user login sessions. The +software includes sandbox profiles for a number of more common Linux programs, such as Mozilla Firefox, Chromium, VLC, Transmission etc. -The sandbox is lightweight, the overhead is low. 
There are no complicated configuration files to edit, -no socket connections open, no daemons running in the background. All security features are -implemented directly in Linux kernel and available on any Linux computer. +The sandbox is lightweight, the overhead is low. There are no complicated +configuration files to edit, no socket connections open, no daemons running in +the background. All security features are implemented directly in Linux kernel +and available on any Linux computer. ## Videos @@ -103,7 +107,7 @@ See also : > What software is supported by the Ubuntu Security team? > > Ubuntu is currently divided into four components: main, restricted, universe -> and multiverse. All binary packages in main and restricted are supported by +> and multiverse. All binary packages in main and restricted are supported by > the Ubuntu Security team for the life of an Ubuntu release, while binary > packages in universe and multiverse are supported by the Ubuntu community. @@ -147,7 +151,7 @@ cd firejail ./configure && make && sudo make install-strip ``` -On Debian/Ubuntu you will need to install git and gcc. AppArmor development +On Debian/Ubuntu you will need to install git and gcc. AppArmor development libraries and pkg-config are required when using the `--enable-apparmor` ./configure option: @@ -171,7 +175,7 @@ firejail vlc # starting VideoLAN Client sudo firejail /etc/init.d/nginx start ``` -Run `firejail --list` in a terminal to list all active sandboxes. Example: +Run `firejail --list` in a terminal to list all active sandboxes. Example: ```console $ firejail --list 
@@ -191,16 +195,16 @@ firecfg --fix-sound sudo firecfg ``` -The first command solves some shared memory/PID namespace bugs in PulseAudio software prior to version 9. -The second command integrates Firejail into your desktop. You would need to logout and login back to apply -PulseAudio changes. +The first command solves some shared memory/PID namespace bugs in PulseAudio +software prior to version 9. The second command integrates Firejail into your +desktop. You would need to logout and login back to apply PulseAudio changes. Start your programs the way you are used to: desktop manager menus, file manager, desktop launchers. -The integration applies to any program supported by default by Firejail. -There are over 900 default applications in the current Firejail version, and -the number goes up with every new release. +The integration applies to any program supported by default by Firejail. There +are over 900 default applications in the current Firejail version, and the +number goes up with every new release. We keep the application list in [src/firecfg/firecfg.config](src/firecfg/firecfg.config) @@ -290,8 +294,8 @@ Discussion: ### Profile Statistics -A small tool to print profile statistics. Compile and install as usual. -The tool is installed in the /usr/lib/firejail directory. +A small tool to print profile statistics. Compile and install as usual. The +tool is installed in the /usr/lib/firejail directory. Run it over the profiles in /etc/profiles:
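Review bot: The one-line hunks in .github/pull_request_template.md and README, and the README.md hunks at -103, -147 and -171, have removed and added lines that differ only in whitespace (for example "Order the arguments of options alphabetically. You can easily do this with"), and nothing visible in the patch states which spacing rule is being applied. Name the rule in the commit message, and keep these whitespace-only changes separate from the paragraph rewraps so a reviewer can confirm with a word-level diff that no wording changed.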
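Review bot: In the CONTRIBUTING.md hunk, the rewrap splits two inline code spans across lines: "`firejail" / "--version`" in the first bullet and "`firejail" / "firefox`" in the `--noprofile` bullet. Break the line before the opening backtick instead, so each command stays on one source line and can be found with grep or copied from the raw file. The context line "You may also try disabling various options provided in `/etc/firejail/` until you find out which one causes" is also left well past the width used for the rewrapped bullets; wrap it in the same hunk for consistency.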
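Review bot: In the README.md hunk at -5,20, the rewrapped introduction carries over wording that could be fixed while these lines are being rewritten: "such as the network stack, process table, mount table" has no "and" before the last item, "The sandbox is lightweight, the overhead is low." is a comma splice, and "implemented directly in Linux kernel" is missing "the". If the patch is meant to be formatting-only, say so in the commit message and leave the wording for a follow-up.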
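Review bot: In the README.md hunk at -191,16, the added line "desktop. You would need to logout and login back to apply PulseAudio changes." keeps "logout" and "login" as verbs; since the sentence is being re-added anyway, "log out and log back in" would read correctly. The rest of the rewrap in this hunk looks consistent with the width used elsewhere in the patch.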
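Review bot: In the README.md hunk at -290,8 (Profile Statistics), the added line "tool is installed in the /usr/lib/firejail directory." leaves the path unformatted, while other hunks in this file put paths and options in backticks (`--enable-apparmor`, `firejail --list`); wrap `/usr/lib/firejail` the same way. Separately, the context line "Run it over the profiles in /etc/profiles:" names a different directory from the `/etc/firejail/` path that the CONTRIBUTING.md hunk refers to, so it is worth confirming which one is intended.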