README 27.1 KB
Newer Older
netblue30's avatar
netblue30 committed
1 2 3 4
Firejail  is  a  SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of  untrusted  applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
Fred Barclay's avatar
Fred Barclay committed
5
VLC, Audacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
netblue30's avatar
netblue30 committed
6
DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
Fred Barclay's avatar
Fred Barclay committed
7
Pidgin, Quassel, and XChat.
netblue30's avatar
netblue30 committed
8

Fred Barclay's avatar
Fred Barclay committed
9
Firejail also expands the restricted shell facility found  in  bash  by adding
netblue30's avatar
netblue30 committed
10 11
Linux  namespace support. It supports sandboxing specific users upon login.

12
Download: https://sourceforge.net/projects/firejail/files/
netblue30's avatar
netblue30 committed
13
Build and install: ./configure && make && sudo make install
netblue30's avatar
netblue30 committed
14
Documentation and support: https://firejail.wordpress.com/
netblue30's avatar
netblue30 committed
15
Development: https://github.com/netblue30/firejail
netblue30's avatar
netblue30 committed
16 17
License: GPL v2

netblue30's avatar
netblue30 committed
18 19 20


Compile and install mainline version from GitHub:
netblue30's avatar
netblue30 committed
21 22 23 24 25 26 27 28 29 30

$ git clone https://github.com/netblue30/firejail.git
$ cd firejail
$ ./configure && make && sudo make install-strip

On Debian/Ubuntu you will need to install git and a compiler:

$ sudo apt-get install build-essential


netblue30's avatar
netblue30 committed
31

netblue30's avatar
netblue30 committed
32 33 34 35
Maintainer:
- netblue30 (netblue30@yahoo.com)

Committers
36 37 38
- chiraag-nataraj (https://github.com/chiraag-nataraj)
- crass (https://github.com/crass)
- glitsj16 (https://github.com/glitsj16)
netblue30's avatar
netblue30 committed
39
- Fred-Barclay (https://github.com/Fred-Barclay)
40
- Reiner Herrmann (https://github.com/reinerh - Debian/Ubuntu maintainer)
41
- smithsohu (https://github.com/smitsohu)
42
- SkewedZeppelin (https://github.com/SkewedZeppelin)
43
- startx2017 (https://github.com/startx2017) - LTS and *bugfixes branches maintainer)
44
- Topi Miettinen (https://github.com/topimiettinen)
45
- Vincent43 (https://github.com/Vincent43)
netblue30's avatar
netblue30 committed
46 47 48 49 50 51
- netblue30 (netblue30@yahoo.com)



Firejail Authors (alphabetical order)

52 53
1dnrr (https://github.com/1dnrr)
	- add pybitmessage profile
Fred-Barclay's avatar
Fred-Barclay committed
54 55
Aidan Gauland (https://github.com/aidalgol)
	- added electron and riot-web profiles
netblue30's avatar
netblue30 committed
56 57 58 59
Akhil Hans Maulloo (https://github.com/kouul)
	- xz profile
Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
	- src/lib/libnetlink.c extracted from iproute2 software package
netblue30's avatar
netblue30 committed
60 61 62 63 64 65 66
Aleksey Manevich (https://github.com/manevich)
	- several profile fixes
	- fix problem with relative path in storage_find function
	- fix build for systems without bash
	- fix double quotes/single quotes problem
	- big rework of argument processing subsystem
	- --join fixes
67
	- splitting up cmdline.c
netblue30's avatar
netblue30 committed
68
	- Busybox support
netblue30's avatar
netblue30 committed
69
	- X11 support rewrite
70
	- gether shell selection code in one place
netblue30's avatar
netblue30 committed
71
	- fixed several TOCTOU security problems
netblue30's avatar
netblue30 committed
72
	- added --fix option to firecfg utility
netblue30's avatar
netblue30 committed
73
	- read_pid fix
74
	- added --x11=block options
75
	- x11 xpra, xphyr, none profile commands
76
	- added --join-or-start command
netblue30's avatar
netblue30 committed
77
	- CVE-2016-7545
78 79 80
Alexander Gerasiov (https://github.com/gerasiov)
	- read-only ~/.ssh/authorized_keys
	- profile updates
netblue30's avatar
netblue30 committed
81 82 83 84 85 86 87
Alexander Stein (https://github.com/ajstein)
	- added profile for qutebrowser
Andrey Alekseenko (https://github.com/al42and)
	- fixing lintian warnings
	- fixed Skype profile
andrew160 (https://github.com/andrew160)
	- profile and man pages fixes
netblue30's avatar
netblue30 committed
88 89
announ (https://github.com/announ)
	- mpv and youtube-dl profile fixes
90 91
	- git profile fix
	- evince profile fix
92 93
Antonio Russo (https://github.com/aerusso)
	- enumerate root directories in apparmor profile
94
	- fix join-or-start
netblue30's avatar
netblue30 committed
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115
Austin S. Hemmelgarn (https://github.com/Ferroin)
	- unbound profile update
avoidr (https://github.com/avoidr)
	- whitelist fix
	- recently-used.xbel fix
	- added parole profile
	- blacklist ncat
	- hostname support in profile file
	- Google Chrome profile rework
	- added cmus profile
	- man page fixes
	- add net iface support in profile files
	- paths fix
	- lots of profile fixes
	- added mcabber profile
	- fixed mpv profile
	- various other fixes
Bader Zaidan (https://github.com/BaderSZ)
	- Telegram profile
Benjamin Kampmann (https://github.com/ligthyear)
	- Forward exit code from child process
116 117 118 119 120 121 122 123 124 125
bitfreak25 (https://github.com/bitfreak25)
	- added PlayOnLinux profile
	- minetest profile fix
	- added sylpheed profile
bn0785ac (https://github.com/bn0785ac)
	- fixed bnox, dnox profiles
	- support all tor-browser langpacks
	- chromium canary (inox-family) fixes
	- allow multithreading for cin and natron
	- fix dbus access for libreoffice on KDE
126
	- fix inox, add snox profile
netblue30's avatar
netblue30 committed
127 128
BogDan Vatra (https://github.com/bog-dan-ro)
	- zoom profile
129 130
Brad Ackerman
	- blacklist Bitwarden config in disable-passwdmgr.inc
netblue30's avatar
netblue30 committed
131 132 133
Bruno Nova (https://github.com/brunonova)
	- whitelist fix
	- bash arguments fix
134 135 136
Bundy01 (https://github.com/Bundy01)
	- fixup geary
	- add gradio profile
Fred Barclay's avatar
Fred Barclay committed
137 138
BytesTuner (https://github.com/BytesTuner)
	- provided keepassxc profile
netblue30's avatar
netblue30 committed
139 140
caoliver (https://github.com/caoliver)
	- network system fixes
netblue30's avatar
netblue30 committed
141 142 143 144
Cat (https://github.com/ecat3)
	- prevent tmux connecting to an existing session
creideiki (https://github.com/creideiki)
	- make the sandbox process reap all children
netblue30's avatar
netblue30 committed
145 146
chiraag-nataraj (https://github.com/chiraag-nataraj)
	- support for newer Xpra versions (2.1+)
147 148 149 150
	- added Viber, amule, ardour5, brackets, calligra, cin, fetchmail profiles
	- added freecad, google-earth, imagej, kdenlive, linphone, lmms profiles
	- added macrofusion, mpd, natron, ricochet, shotcut, tor-browser-en profiles
	- added tor, x-terminal-emulator, zart profiles
netblue30's avatar
netblue30 committed
151 152 153
Christian Stadelmann (https://github.com/genodeftest)
	- profile fixes
	- evolution profile fix
154 155
Clayton Williams (https://github.com/gosre)
	- addition of RLIMIT_AS
156 157 158 159
crass (https://github.com/crass)
	- extract_command_name fixes
	- update appimage size calculation to newest code from libappimage
	- firejail should look for processes with names exactly named
netblue30's avatar
netblue30 committed
160 161 162 163 164 165 166 167 168 169
curiosity-seeker (https://github.com/curiosity-seeker)
	- tightening unbound and dnscrypt-proxy profiles
	- correct and tighten QuiteRss profile
	- dnsmasq profile
	- okular and gwenview profiles
	- cherrytree profile fixes
	- added quiterss profile
	- added guayadeque profile
	- added VirtualBox.profile
	- various other profile fixes
netblue30's avatar
netblue30 committed
170
	- added digiKam profile
171
	- write-protection for thumbnailer dir
Fred-Barclay's avatar
Fred-Barclay committed
172 173
da2x (https://github.com/da2x)
	- matched RPM license tag
netblue30's avatar
netblue30 committed
174 175
Daan Bakker (https://github.com/dbakker)
	- protect shell startup files
176 177 178
Danil Semelenov (https://github.com/sgtpep)
	- blacklist the Electron Cash Wallet
	- blacklist s3cmd and s3fs configs
179 180
	- blacklist Ethereum, Monero wallets
	- blacklist Dash Core wallet
netblue30's avatar
netblue30 committed
181 182 183 184 185 186 187 188 189
Dara Adib (https://github.com/daradib)
	- ssh profile fix
	- evince profile fix
Deelvesh Bunjun (https://github.com/DeelveshBunjun)
	- added xpdf profile
dewbasaur (https://github.com/dewbasaur)
	- block access to history files
	- Firefox PDF.js exploit (CVE-2015-4495) fixes
	- Steam profile
190 191
DiGitHubCap (https://github.com/DiGitHubCap)
	- deluge profile fix
netblue30's avatar
netblue30 committed
192 193 194 195 196
dshmgh (https://github.com/dshmgh)
	- overlayfs fix for systems with /home mounted on a separate partition
Duncan Overbruck (https://github.com/Duncaen)
	- musl libc fix
	- utmp fix
netblue30's avatar
netblue30 committed
197
	- fix install for --disable-seccomp software configurations
netblue30's avatar
netblue30 committed
198 199 200 201
emacsomancer (https://github.com/emacsomancer)
	- added profile for Conkeror browser
eventyrer (https://github.com/eventyrer)
	- update gnome-mplayer.profile
202 203
Fabian Würfl (https://github.com/BafDyce)
	- fixed race condition when creating a new directory
netblue30's avatar
netblue30 committed
204
	- Liferea profile
netblue30's avatar
netblue30 committed
205 206
Felipe Barriga Richards (https://github.com/fbarriga)
	- --private-etc fix
207 208
floxo (https://github.com/floxo)
	- fixed qml disk cache issue
netblue30's avatar
netblue30 committed
209 210
Franco (nextime) Lanza (https://github.com/nextime)
	- added --private-template/--private-home
211 212
fuelflo (https://github.com/fuelflo)
    - added rambox profile
netblue30's avatar
netblue30 committed
213
Fred-Barclay (https://github.com/Fred-Barclay)
netblue30's avatar
netblue30 committed
214
	- lots of profile fixes
netblue30's avatar
netblue30 committed
215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236
	- added Vivaldi, Atril profiles
	- added PaleMoon profile
	- split Icedove and Thunderbird profiles
	- added 0ad profile
	- fixed version for .deb packages
	- added Warzone2100 profile
	- blacklisted VeraCrypt
	- added Gpredict profile
	- added Aweather, Stellarium profiles
	- fixed HexChat and Atril profiles
	- fixed disable-common.inc for mate-terminal
	- blacklisted escape-happy terminals in disable-common.inc
	- blacklisted g++
	- added xplayer, xreader, and xviewer profiles
	- added Brave profile
	- added Gitter profile
	- various organising
	- added LibreOffice profile
	- added pix profile
	- added audacity profile
	- fixed Telegram and qtox profiles
	- added Atom Beta and Atom profiles
Fred-Barclay's avatar
Fred-Barclay committed
237
	- tightened 0ad, atril, evince, gthumb, pix, qtox, and xreader profiles
netblue30's avatar
netblue30 committed
238 239 240 241 242 243
	- several private-bin conversions
	- added jitsi profile
	- pidgin private-bin conversion
	- added eom profile
	- added gnome-chess profile
	- added DOSBox profile
netblue30's avatar
netblue30 committed
244
	- evince profile enhancement
Fred-Barclay's avatar
Fred-Barclay committed
245
	- tightened Spotify profile
Fred-Barclay's avatar
Fred-Barclay committed
246
	- added xiphos and Tor Browser Bundle profiles
netblue30's avatar
netblue30 committed
247 248
	- added xed and pluma profiles
	- added Cryptocat profile
Fred Barclay's avatar
Fred Barclay committed
249
	- added wireshark profile
netblue30's avatar
netblue30 committed
250
	- uudeview profile fix
netblue30's avatar
netblue30 committed
251
	- fixed palemoon and qbittorrent profiles
252
	- compile/install scripts for --git-install/--git-uninstall commands
netblue30's avatar
netblue30 committed
253
	- tighten keepassx
Fred Barclay's avatar
Fred Barclay committed
254
	- added Thunar profile
Fred Barclay's avatar
Fred Barclay committed
255
	- added mousepad, qpicview, and cvlc profiles
Fred Barclay's avatar
Fred Barclay committed
256
	- added BibleTime profile
Fred Barclay's avatar
Fred Barclay committed
257
	- added caja and galculator profiles
Fred Barclay's avatar
Fred Barclay committed
258
	- added Catfish profile
259 260
Frederik Olesen (https://github.com/Freso)
	- added many vim profiles
261 262
g3ngr33n (https://github.com/g3ngr33n)
	- fix musl compilation
263
G4JC (https://sourceforge.net/u/gaming4jc/profile/)
netblue30's avatar
netblue30 committed
264
	- ARM support
netblue30's avatar
netblue30 committed
265
	- profile fixes
netblue30's avatar
netblue30 committed
266 267 268 269
Gaman Gabriel (https://github.com/stelariusinfinitek)
	- inox profile
geg2048 (https://github.com/geg2048)
	- kwallet profile fixes
270 271 272 273 274 275 276 277 278 279 280 281
glitsj16 (https://github.com/glitsj16)
	- evince-previewer, evince-thumbnailer profiles
	- gnome-recipes, gnome-logs profiles
	- fixed private-lib for gnome-calculator
	- gunzip, bunzip2 profiles
	- enchant, enchat-2, enchant-lsmod, enchant-lsmod-2 profiles
	- atool, soundconvertor, mpd, gnome-calculator, makepkg profile fixes
	- acat, adiff, als, apack, arepack, aunpack profiles,
	- fix sqlitebrowser blacklist
	- spelling fixes
	- bitblbee profile fixes
	- fix firefox common addons
282 283 284 285 286 287 288 289 290 291 292
	- many profile fixes
	- profile fixes: file, strings, claws-mail,
	- new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
	- new profiles: devilspie, devilspie2, easystroke, github-desktop, min
	- new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
	- new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
	- new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
	- new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
	- new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
	- new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
	- new profiles: masterpdfeditor
netblue30's avatar
netblue30 committed
293 294
graywolf (https://github.com/graywolf)
	- spelling fix
netblue30's avatar
netblue30 committed
295 296
greigdp (https://github.com/greigdp)
	- Gajim IM client profile
netblue30's avatar
netblue30 committed
297 298 299 300 301 302
	- fixed spotify profile
	- added Slack profile
	- add Spotify profile
GSI (https://github.com/GSI)
	- added Uzbl browser profile
hamzadis (https://github.com/hamzadis)
Fred Barclay's avatar
Fred Barclay committed
303
	- added --overlay-named=name and --overlay-path=path
netblue30's avatar
netblue30 committed
304 305 306
hawkey116477 (https://github.com/hawkeye116477)
	- added Waterfox profile
	- updated Cyberfox profile
Fred-Barclay's avatar
Fred-Barclay committed
307
	- updated Waterfox profile
netblue30's avatar
netblue30 committed
308 309
Helmut Grohne (https://github.com/helmutg)
	-  compiler support in the build system - Debian bug #869707
netblue30's avatar
netblue30 committed
310 311
Holger Heinz (https://github.com/hheinz)
	- manpage work
netblue30's avatar
netblue30 committed
312 313 314
Icaro Perseo (https://github.com/icaroperseo)
	- Icecat profile
	- several profile fixes
netblue30's avatar
netblue30 committed
315 316 317 318 319 320
Igor Bukanov (https://github.com/ibukanov)
	- found/fiixed privilege escalation in --hosts-file option
iiotx (https://github.com/iiotx)
	- use generic.profile by default
Impyy (https://github.com/Impyy)
	- added mumble profile
321 322
intika (https://github.com/intika)
	- added musixmatch profile
netblue30's avatar
netblue30 committed
323 324
irregulator (https://github.com/irregulator)
	- thunderbird profile fixes for debian stretch
325 326 327
Irvine (https://github.com/Irvinehimself)
	- added conky profile
	- added ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch) profiles
netblue30's avatar
netblue30 committed
328 329 330 331
Ivan Kozik (https://github.com/ivan)
	- speed up sandbox exit
Jaykishan Mutkawoa (https://github.com/jmutkawoa)
	- cpio profile
netblue30's avatar
netblue30 committed
332 333
James Elford (https://github.com/jelford)
	- pass password manager support
334
	- removed shell none from ssh-agent configuration, fixing the infinite loop
335 336 337 338 339 340 341 342
	- added gcloud profile
	- blacklist sensitive cloud provider files in disable-common
Jean Lucas (https://github.com/flacks)
	- fix Discord profile
	- add AnyDesk profile
	- add WebStorm profile
	- add XMind profile
	- add nvm to list of disabled interpreters
343 344 345 346 347 348
	- fixes for tor-browser-* profiles
	- alias for riot-desktop
	- add gnome-mpv profile
	- fix wire profile
	- add Beaker profile
	- fixes for gnome-music
netblue30's avatar
netblue30 committed
349 350 351 352 353 354 355 356 357 358
Jericho (https://github.com/attritionorg)
	- spelling
Jesse Smith (https://github.com/slicer69)
	- added QupZilla profile
jgriffiths (https://github.com/jgriffiths)
	- make rpm packages support
Joan Figueras (https://github.com/figue)
	- added abrowser profile
	- added Google-Play-Music-Desktop-Player
	- added cyberfox profile
359 360
John Mullee (https://github.com/jmullee)
	- fix empty-string assignment in whitelisting code
361 362 363
Jonas Heinrich (https://github.com/onny)
	- added signal-desktop profile
	- fixed franz profile
netblue30's avatar
netblue30 committed
364 365 366 367 368 369
jrabe (https://github.com/jrabe)
	- disallow access to kdbx files
	- Epiphany profile
	- Polari profile
	- qTox profile
	- X11 fixes
370 371 372 373
juan (https://github.com/nyancat18)
	- fixed Kdenlive, Shotcut profiles
	- new profiles for Cinelerra, Cliqz, Bluefish
	- profile hardening
netblue30's avatar
netblue30 committed
374 375
Kaan Genç (https://github.com/SeriousBug)
	- dynamic allocation of noblacklist buffer
netblue30's avatar
netblue30 committed
376
KellerFuchs (https://github.com/KellerFuchs)
netblue30's avatar
netblue30 committed
377 378
	- nonewpriv support, extended profiles for this feature
	- make `restricted-network` prevent use of netfilter
netblue30's avatar
netblue30 committed
379
	- disable-common.inc additions
netblue30's avatar
netblue30 committed
380 381
	- make mutt and msmtp's rc files read-only
	- added support for .local profile files in /etc/firejail
netblue30's avatar
netblue30 committed
382
	- fixed Cryptocat profile
netblue30's avatar
netblue30 committed
383
	- make ~/.local read-only
384 385
Kishore96in (https://github.com/Kishore96in)
	- added falkon profile
netblue30's avatar
netblue30 committed
386 387
KOLANICH (https://github.com/KOLANICH)
	- added symlink fixer fix_private-bin.py in contrib section
388 389
Kunal Mehta (https://github.com/legoktm)
	- converted all links to https in manpages
390 391
laniakea64 (https://github.com/laniakea64)
	- added fj-mkdeb.py script to build deb packages
netblue30's avatar
netblue30 committed
392 393 394 395
Lari Rauno (https://github.com/tuutti)
	- qutebrowser profile fixes
Laurent Declercq (https://github.com/nuxwin)
	- fixed test for shell interpreter in chroots
netblue30's avatar
netblue30 committed
396 397
LaurentGH (https://github.com/LaurentGH)
	- allow private-bin parameters to be absolute paths
netblue30's avatar
netblue30 committed
398 399
Loïc Damien (https://github.com/dzamlo)
	- small fixes
400 401
luzpaz (https://github.com/luzpaz)
	- code spelling fixes
netblue30's avatar
netblue30 committed
402 403
maces (https://github.com/maces)
	- Franz messenger profile
netblue30's avatar
netblue30 committed
404 405
Madura A (https://github.com/manushanga)
	- floader
netblue30's avatar
netblue30 committed
406 407
mahdi1234 (https://github.com/mahdi1234)
	- cherrytree profile
netblue30's avatar
netblue30 committed
408
	- Seamonkey profiles
netblue30's avatar
netblue30 committed
409
Martin Carpenter (https://github.com/mcarpenter)
netblue30's avatar
netblue30 committed
410
	- security audit and bug fixes
netblue30's avatar
netblue30 committed
411
	- Centos 6.x support
netblue30's avatar
netblue30 committed
412 413 414
Martin Dosch (spam-debian@mdosch.de)
	- support for gnome-shell integration addon in Firefox
	  (Bug-Debian: https://bugs.debian.org/872720)
netblue30's avatar
netblue30 committed
415 416
Matt Parnell (https://github.com/ilikenwf)
	- whitelisting for core firefox related functionality
417 418
Mattias Wadman (https://github.com/wader)
	- seccomp errno filter support
netblue30's avatar
netblue30 committed
419 420
Matthew Gyurgyik (https://github.com/pyther)
	- rpm spec and several fixes
421 422
matu3ba (https://github.com/matu3ba)
	- evince hardening, dbus removed
423 424 425
maxice8 (https://github.com/maxice8)
	- fixed missing header
Melvin Vermeeren (https://github.com/melvinvermeeren)
426
	- added teamspeak3 profile
427
	- added --noautopulse command line option
netblue30's avatar
netblue30 committed
428 429 430 431 432 433
Michael Haas (https://github.com/mhaas)
	- bugfixes
Mike Frysinger (vapier@gentoo.org)
	- Gentoo compile patch
mjudtmann (https://github.com/mjudtmann)
	- lock firejail configuration in disable-mgmt.inc
434 435
mustaqimM (https://github.com/mustaqimM)
    - added profile for Nylas Mail
netblue30's avatar
netblue30 committed
436 437
n1trux (https://github.com/n1trux)
	- fix flashpeak-slimjet profile typos
438 439
NickMolloy (https://github.com/NickMolloy)
	- ARP address length fix
netblue30's avatar
netblue30 committed
440 441
Niklas Haas (https://github.com/haasn)
	- blacklisting for keybase.io's client
442 443
nyancat18 (https://github.com/nyancat18)
	- added ardour4, dooble, karbon, krita profiles
netblue30's avatar
netblue30 committed
444 445
Ondra Nekola (https://github.com/satai)
	- allow firefox theming with non-global themes
Fred-Barclay's avatar
Fred-Barclay committed
446 447
Panzerfather (https://github.com/Panzerfather)
	- allow eog to access user's trash
448
Patrick Toomey (https://sourceforge.net/u/ptoomey/profile/)
netblue30's avatar
netblue30 committed
449
	- user namespace implementation
450 451
Paul Moore <pmoore@redhat.com>
	-src/fsec-print/print.c extracted from libseccomp software package
netblue30's avatar
netblue30 committed
452 453
Paupiah Yash (https://github.com/CaffeinatedStud)
	- gzip  profile
454 455
Pawel (https://github.com/grimskies)
	- make --join return exit code of the invoked program
netblue30's avatar
netblue30 committed
456 457 458 459 460 461
Peter Millerchip (https://github.com/pmillerchip)
	- memory allocation fix
	- --private.keep to --private-home transition
	- support for files and directories starting with ~ in blacklist option
	- support for files and directories with spaces in blacklist option
	- lots of other fixes
netblue30's avatar
netblue30 committed
462
	- implement the --allow-private-blacklist option
netblue30's avatar
netblue30 committed
463 464 465 466 467
Peter Hogg (https://github.com/pigmonkey)
	- WeeChat profile
	- rtorrent profile
	- bitlbee profile fixes
	- mutt profile fixes
Fred Barclay's avatar
Fred Barclay committed
468
	- fixes for youtube-dl in mpv profile
netblue30's avatar
netblue30 committed
469 470
Petter Reinholdtsen (pere@hungry.com)
	- Opera profile patch
471 472 473
PharmaceuticalCobweb (https://github.com/PharmaceuticalCobweb)
	- fix quiterss profile
	- added profile for gnome-ring
netblue30's avatar
netblue30 committed
474 475
pirate486743186 (https://github.com/pirate486743186)
	- KMail profile
476 477 478
	- mpsyt profile
	- fix youtube-dl and mpv
	- fix gnome-mpv profile
netblue30's avatar
netblue30 committed
479 480
Pixel Fairy (https://github.com/xahare)
	- added fjclip.py, fjdisplay.py and fjresize.py in contrib section
netblue30's avatar
netblue30 committed
481 482
PizzaDude (https://github.com/pizzadude)
	- add mpv support to smplayer
Fred-Barclay's avatar
Fred-Barclay committed
483
	- added profile for torbrowser-launcher
484 485
	- added profile for sayonara and qmmp
	- remove tracelog from Firefox profile
Fred-Barclay's avatar
Fred-Barclay committed
486 487
probonopd (https://github.com/probonopd)
	- automatic build on Travis CI
netblue30's avatar
netblue30 committed
488 489 490 491 492 493 494 495 496 497 498 499 500 501
pshpsh (https://github.com/pshpsh)
	- added FossaMail profile
pstn (https://github.com/pstn)
	- added install-strip, make install without strip
pszxzsd (https://github.com/pszxzsd)
	-uGet profile
pwnage-pineapple (https://github.com/pwnage-pineapple)
	- update Okular profile
Rafael Cavalcanti (https://github.com/rccavalcanti)
	- chromium profile fixes for Arch Linux
Rahiel Kasim (https://github.com/rahiel)
	- Mathematica profile
	- whitelisted Dropbox profile
	- whitelisted keysnail config for firefox
netblue30's avatar
netblue30 committed
502
	- added telegram-desktop profile
netblue30's avatar
netblue30 committed
503 504
Rahul Golam (https://github.com/technoLord)
	- strings profile
netblue30's avatar
netblue30 committed
505 506
Raphaël Droz (https://github.com/drzraf)
	- zoom profile fixes
netblue30's avatar
netblue30 committed
507 508 509 510 511 512 513 514 515 516
Reiner Herrmann (https://github.com/reinerh)
	- a number of build patches
	- man page fixes
	- Debian and Ubuntu integration
	- clang-analyzer fixes
	- Debian reproducible build
	- unit testing framework
	- moved build to .xz
	- detached signatures for source archive
	- recursive mkdir
netblue30's avatar
netblue30 committed
517 518 519
Remco Verhoef (https://github.com/nl5887)
	- add overlay configuration to profiles
	- prevent running shells recursively
520 521 522 523
RD PROJEKT (https://github.com/RDProjekt)
	- noblacklist support for /sys/module directory
	- whitelist support for /sys/module directory
	- support AMD GPU by OpenCL in Blender
netblue30's avatar
netblue30 committed
524 525 526 527
rogshdo (https://github.com/rogshdo)
	- BitlBee profile
Ruan (https://github.com/ruany)
	- fixed hexchat profile
528 529 530 531 532 533 534 535 536
rusty-snake (https://github.com/rusty-snake)
	- fixed kdenlive profile
	- added thunderbird-wayland and supertuxkart profiles
	- fix bible-time, rhythmbox profiles
	- more blacklists in disable-common.inc
	- fixed some missing paths in disable-programs.inc
	- added ghostwriter profle
	- fix gajim profile, added gajim-history-manager profile
	- updates for ~/.cargo
537
	- added klavaro profile
538 539
Salvo 'LtWorf' Tomaselli (https://github.com/ltworf)
	- fixed ktorrent profile
netblue30's avatar
netblue30 committed
540 541 542 543
sarneaud (https://github.com/sarneaud)
	- rewrite globbing code to fix various minor issues
	- added noblacklist command for profile files
	- various enhancements and bug fixes
netblue30's avatar
netblue30 committed
544 545 546 547 548 549
Sergey Alirzaev (https://github.com/l29ah)
	- firejail.h enum fix
Simon Peter (https://github.com/probonopd)
	- set $APPIMAGE and $APPDIR environment variables
	- AppImage version detection
	- Leafppad type v1 and v2 appimage packages in test/appimage
netblue30's avatar
netblue30 committed
550
	- GitHub/Travis CI integration
netblue30's avatar
netblue30 committed
551 552 553
sinkuu (https://github.com/sinkuu)
	- blacklisting kwalletd
	- fix symlink invocation for programs placing symlinks in $PATH
Fred-Barclay's avatar
Fred-Barclay committed
554 555
smithsohu (https://github.com/smitsohu)
	- read-only kde4 services directory
Fred-Barclay's avatar
Fred-Barclay committed
556 557 558
	- enhanced mediathekview profile
	- added tuxguitar profile
	- removed nodvd from k3b profile
netblue30's avatar
netblue30 committed
559
	- lots of profile hardening and fixes
Fred-Barclay's avatar
Fred-Barclay committed
560
	- added MuseScore profile
Fred-Barclay's avatar
Fred-Barclay committed
561
	- fixed device discovery for simple-scan
562
	- add novideo support in many profiles
netblue30's avatar
netblue30 committed
563
	- improve server profiles, harden musescore
startx2017's avatar
startx2017 committed
564 565
	- snap profile cleanup
	- tighten some capability sets further
566
	- enhance mutt, goobox, baloo and clementine profiles
Fred-Barclay's avatar
Fred-Barclay committed
567 568
soredake (https://github.com/soredake)
	- fix steam startup with >=llvm-4
569 570 571
	- fix handling of STEAM_RUNTIME_PREFER_HOST_LIBRARIES in steam profile
	- fix keepassxc.profile
	- fix qtox.profile
572 573 574
	- add ocaltime to private-etc to make qtox show correct time
	- fixes for the keepassxc 2.2.5 version
SkewedZeppelin (https://github.com/SkewedZeppelin)
netblue30's avatar
netblue30 committed
575 576
	- added Bless, Gnome 2048, Gnome Calculator, Gnome Contacts, JD-GUI, Lollypop, MultiMC5 profiles
	- added PDFSam, Pithos, and Xonotic profiles
577
	- disabled Go, Rust, and OpenSSL in disable-devel.conf
Fred Barclay's avatar
Fred Barclay committed
578
	- added dino profile
Fred Barclay's avatar
Fred Barclay committed
579
	- added Kodi profile
580 581
	- lots of profile tightening
	- added viking, youtube-dl, meld profiles
582
	- added Arduino profile
netblue30's avatar
netblue30 committed
583
	- lots of profile hardening and fixing
netblue30's avatar
netblue30 committed
584
	- firecfg enhancements
Fred Barclay's avatar
Fred Barclay committed
585
	- fixed vlc profile
netblue30's avatar
netblue30 committed
586 587
	- fixed wget profile
	- fixed firecfg.config file
netblue30's avatar
netblue30 committed
588
	- added novideo and disable-mnt support in all profile files
Fred-Barclay's avatar
Fred-Barclay committed
589
	- added Peek and silent profiles
netblue30's avatar
netblue30 committed
590
	- added IntelliJ IDEA and Android Studio profiles
Fred-Barclay's avatar
Fred-Barclay committed
591 592 593 594 595
	- added arm profile
	- lots of profile improvements/tightening
	- added apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img,
	soundconverter, sqlitebrowser, and truecraft profiles
	- added gnome-twitch profile
Fred-Barclay's avatar
Fred-Barclay committed
596 597 598 599
	- Unified all 341 profiles
	- profile tightening with private-bin
	- fix notv and nodvd placement
	- added novideo and noexec /tmp to Tor browser profile
Fred-Barclay's avatar
Fred-Barclay committed
600
	- fixed Gnome 2048 on wayland
netblue30's avatar
netblue30 committed
601 602 603
	- added Neverball profile
	- hardern /var
	- profile standard layout
netblue30's avatar
netblue30 committed
604
	- Spotify and itch.io profile fixes
605
sshirokov (https://sourceforge.net/u/yshirokov/profile/)
Fred-Barclay's avatar
Fred-Barclay committed
606
	- Patch to output "Reading profile" to stderr instead of stdout
netblue30's avatar
netblue30 committed
607 608 609 610 611 612 613 614
SYN-cook (https://github.com/SYN-cook)
	- keepass/keepassx browser fixes
	- disable-common.inc fixes
	- blacklist GNOME keyring and Konqueror
	- fixed Keepass(x) profiles
	- Engrampa profile
	- Scribus profile
	- autostart blacklist for KDE
netblue30's avatar
netblue30 committed
615
	- blacklist startup scripts
netblue30's avatar
netblue30 committed
616
	- various profile updates
617 618
	- blacklist lots of KDE files
	- blacklist nautilus and nemo in ~/.local/share/
619
	- added mediathekview profile
Fred Barclay's avatar
Fred Barclay committed
620
	- blacklist attic and borg
621
	- cleaned up Okular and Gwenview profiles
622
	- added baloo_file profile
netblue30's avatar
netblue30 committed
623
	- k3b profile update
netblue30's avatar
netblue30 committed
624
	- noexec changes
netblue30's avatar
netblue30 committed
625
	- gnome-calculator changes
netblue30's avatar
netblue30 committed
626 627
startx2017 (https://github.com/startx2017)
	- syscall list update
628 629
	- updated default seccomp filters - added  bpf, clock_settime, personality, process_vm_writev, query_module,
	              settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
netblue30's avatar
netblue30 committed
630
	- enable/disable join support in /etc/firejail/firejail.config
netblue30's avatar
netblue30 committed
631 632
	- firecfg fix: create ~/.local/share/applications directory if it doesn't exist
	- firejail.config cleanup
netblue30's avatar
netblue30 committed
633
	- --quiet fixes
634
	- bugfixes branches maintainer
635
	- firemon --top speed-up
636
	- Blender and 2048-qt profiles
637 638
	- handbrake profile
	- mplayer and smplayer profiles
startx2017's avatar
startx2017 committed
639
	- kwrite and geary profiles
netblue30's avatar
netblue30 committed
640 641 642 643 644 645 646 647 648 649 650 651 652
thewisenerd (https://github.com/thewisenerd)
	- allow multiple private-home commands
	- use $SHELL variable if the shell is not specified
	- appimage: pass commandline arguments
Thomas Jarosch (https://github.com/thomasjfox)
	- disable keepassx in disable-passwdmgr.inc
	- added uudeview profile
	- added tar (gtar), unzip and unrar profile
	- added file profile
	- improved profile list
	- fixed small variable glitch in stat64() / lstat64() (libtracelog)
	- added lstat() / lstat64() support to libtrace
	- include mkuid.sh in make dist
653
	- cppcheck bugfixes
654 655
tinmanx (https://github.com/tinmanx)
	- remove network access from cherrytree.profile
netblue30's avatar
netblue30 committed
656 657 658 659
Tom Mellor (https://github.com/kalegrill)
	- mupen64plus profile
Tomasz Jan Góralczyk (https://github.com/tjg)
	- fixed Steam profile
netblue30's avatar
netblue30 committed
660
Topi Miettinen (https://github.com/topimiettinen)
netblue30's avatar
netblue30 committed
661
	- improved seccomp printing
netblue30's avatar
netblue30 committed
662
	- improve mount handling, fix /run/user handling
netblue30's avatar
netblue30 committed
663 664
	- /proc/sys can be nosuid,noexec,nodev
	- seccomp default list update
665 666
	- improve loading of seccomp filter and memory-deny-write-execute feature
	- private-lib feature
667 668 669 670
user1024 (user1024@tut.by)
	- electron profile whitelisting
	- fixed Rocket.Chat profile
	- nheko profile
netblue30's avatar
netblue30 committed
671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686
valoq (https://github.com/valoq)
	- lots of profile fixes
	- added support for /srv in --whitelist feature
	- Eye of GNOME, Evolution, display (imagemagik) and Wire profiles
	- blacklist suid binaries in disable-common.inc
	- fix man pages
	- added keypass2, qemu profiles
	- added amarok, ark, atool, bleachbit, brasero, dolphin, dragon, elinks, enchant, exiftool profiles
	- added file-roller, gedit, gjs,gnome-books, gnome-documents, gnome-maps, gnome-music profiles
	- added gnome-photos, gnome-weather, goobox, gpa, gpg, gpg-agent, highlight profiles
	- added img2txt, k3b, kate, lynx, mediainfo, nautilus, odt2txt, pdftotext, simple-scan profiles
	- added skanlite, ssh-agent, transmission-cli, tracker, transmission-show, w3m, xfburn, xpra profiles
	- added wget profile
	- disable gnupg and systemd directories under /run/user
	- added iridium browser profile
Vadim A. Misbakh-Soloviov (https://github.com/msva)
netblue30's avatar
netblue30 committed
687
	- profile fixes
netblue30's avatar
netblue30 committed
688 689 690 691 692 693 694 695 696 697
ValdikSS (https://github.com/ValdikSS)
	- Psi+, Corebird, Konversation profiles
	- various profile fixes
Vasya Novikov (https://github.com/vn971)
	- Wesnoth profile
	- Hedegewars profile
	- manpage fixes
	- fixed firecfg clean/clear issue
	- found the ugliest bug so far
	- seccomp debug description in man page
698
	- seccomp syscall list update for glibc 2.26-10
netblue30's avatar
netblue30 committed
699 700
Veeti Paananen (https://github.com/veeti)
	- fixed Spotify profile
701 702 703 704
veloute (https://github.com/veloute)
	- added standardnotes profile
	- added flameshot profile
	- added jdownloader profile
705 706 707
	- fixed discord profile
	- fixes for various profiles
	- removed vim and ranger from firecfg
708 709
Vincent43 (https://github.com/Vincent43)
	- apparmor enhancements
netblue30's avatar
netblue30 committed
710 711 712 713 714
vismir2 (https://github.com/vismir2)
	- feh, ranger, 7z, keepass, keepassx and zathura profiles
	- claws-mail, mutt, git, emacs, vim profiles
	- lots of profile fixes
	-  support for truecrypt and zuluCrypt
715 716
viq (https://github.com/viq)
	- discord-canary profile
netblue30's avatar
netblue30 committed
717 718
Vladimir Gorelov (https://github.com/larkvirtual)
	- added Yandex browser profile
netblue30's avatar
netblue30 committed
719 720
Vladimir Schowalter (https://github.com/VladimirSchowalter20)
	- apparmor profile enhancements
Fred-Barclay's avatar
Fred-Barclay committed
721 722
	- various KDE profile enhancements
	read-only kde5 services directory
netblue30's avatar
netblue30 committed
723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740
xee5ch (https://github.com/xee5ch)
	- skypeforlinux profile
yumkam (https://github.com/yumkam)
	- add compile-time option to restrict --net= to root only
	- man page fixes
Zack Weinberg (https://github.com/zackw)
	- added support for joining a persistent, named network namespace
	- removed libconnect
	- fixed memory corruption in noblacklist processing
	- rework DISPLAY environment parsing
	- rework masking X11 sockets in /tmp/.X11-unix directory
	- rework xpra and xephyr detection
	- rework abstract X11 socket detection
	- rework X11 display number assignment
	- rework X11 xorg processing
	- rework fcopy, --follow-link support in fcopy
	- follow link support in --private-bin
	- wait_for_other function rewrite
741 742 743 744
	- Xvfb X11 server support
	- Xvfb and Xephyr profiles, modified Xpra profile
	- support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started
	  with firejail --x11
745
	- support for xpra-extra-params in firejail.config
Fred Barclay's avatar
Fred Barclay committed
746

747
Copyright (C) 2014-2019 Firejail Authors