Commit 13798513 authored by netblue30's avatar netblue30

Baseline firejail 0.9.28

parent f104ebb6
all: apps firejail.1 firemon.1 firejail-profile.5 firejail-login.5
MYLIBS = src/lib
APPS = src/firejail src/firemon src/libtrace src/ftee
datarootdir=@datarootdir@
PREFIX=@prefix@
prefix=@prefix@
VERSION=@PACKAGE_VERSION@
NAME=@PACKAGE_NAME@
PACKAGE_TARNAME=@PACKAGE_TARNAME@
DOCDIR=@docdir@
.PHONY: mylibs $(MYLIBS)
mylibs: $(MYLIBS)
$(MYLIBS):
$(MAKE) -C $@
.PHONY: apps $(APPS)
apps: $(APPS)
$(APPS): $(MYLIBS)
$(MAKE) -C $@
firemon.1: src/man/firemon.txt
./mkman.sh $(VERSION) src/man/firemon.txt firemon.1
firejail.1: src/man/firejail.txt
./mkman.sh $(VERSION) src/man/firejail.txt firejail.1
firejail-profile.5: src/man/firejail-profile.txt
./mkman.sh $(VERSION) src/man/firejail-profile.txt firejail-profile.5
firejail-login.5: src/man/firejail-login.txt
./mkman.sh $(VERSION) src/man/firejail-login.txt firejail-login.5
clean:;
for dir in $(APPS); do \
$(MAKE) -C $$dir clean; \
done
for dir in $(MYLIBS); do \
$(MAKE) -C $$dir clean; \
done
rm -f firejail.1 firejail.1.gz firemon.1 firemon.1.gz firejail-profile.5 firejail-profile.5.gz firejail-login.5 firejail-login.5.gz
distclean: clean
for dir in $(APPS); do \
$(MAKE) -C $$dir distclean; \
done
for dir in $(MYLIBS); do \
$(MAKE) -C $$dir distclean; \
done
rm -fr Makefile autom4te.cache config.log config.status config.h
install: all
# firejail executable
strip src/firejail/firejail
mkdir -p $(DESTDIR)/$(PREFIX)/bin
install -c -m 0755 src/firejail/firejail $(DESTDIR)/$(PREFIX)/bin/.
chmod u+s $(DESTDIR)/$(PREFIX)/bin/firejail
# firemon executable
strip src/firemon/firemon
install -c -m 0755 src/firemon/firemon $(DESTDIR)/$(PREFIX)/bin/.
# libraries and plugins
strip src/libtrace/libtrace.so
mkdir -p $(DESTDIR)/$(PREFIX)/lib/firejail
install -c -m 0644 src/libtrace/libtrace.so $(DESTDIR)/$(PREFIX)/lib/firejail/.
strip src/ftee/ftee
install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(PREFIX)/lib/firejail/.
install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(PREFIX)/lib/firejail/.
# documents
mkdir -p $(DESTDIR)/$(DOCDIR)
install -c -m 0644 COPYING $(DESTDIR)/$(DOCDIR)/.
install -c -m 0644 README $(DESTDIR)/$(DOCDIR)/.
install -c -m 0644 RELNOTES $(DESTDIR)/$(DOCDIR)/.
# etc files
mkdir -p $(DESTDIR)/etc/firejail
install -c -m 0644 etc/audacious.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/clementine.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/gnome-mplayer.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/rhythmbox.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/totem.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/firefox.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/icedove.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/iceweasel.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/midori.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/evince.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/chromium-browser.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/chromium.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/disable-mgmt.inc $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/disable-secret.inc $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/disable-common.inc $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/dropbox.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/opera.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/thunderbird.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/transmission-gtk.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/transmission-qt.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/vlc.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/deluge.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/qbittorrent.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/generic.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/pidgin.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/xchat.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/empathy.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/server.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/icecat.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/quassel.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/deadbeef.profile $(DESTDIR)/etc/firejail/.
install -c -m 0644 etc/filezilla.profile $(DESTDIR)/etc/firejail/.
bash -c "if [ ! -f /etc/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/etc/firejail/.; fi;"
# man pages
rm -f firejail.1.gz
gzip -9n firejail.1
rm -f firemon.1.gz
gzip -9n firemon.1
rm -f firejail-profile.5.gz
gzip -9n firejail-profile.5
rm -f firejail-login.5.gz
gzip -9n firejail-login.5
mkdir -p $(DESTDIR)/$(PREFIX)/share/man/man1
install -c -m 0644 firejail.1.gz $(DESTDIR)/$(PREFIX)/share/man/man1/.
install -c -m 0644 firemon.1.gz $(DESTDIR)/$(PREFIX)/share/man/man1/.
mkdir -p $(DESTDIR)/$(PREFIX)/share/man/man5
install -c -m 0644 firejail-profile.5.gz $(DESTDIR)/$(PREFIX)/share/man/man5/.
install -c -m 0644 firejail-login.5.gz $(DESTDIR)/$(PREFIX)/share/man/man5/.
rm -f firejail.1.gz firemon.1.gz firejail-profile.5.gz firejail-login.5.gz
# bash completion
mkdir -p $(DESTDIR)/$(PREFIX)/share/bash-completion/completions
install -c -m 0644 etc/firejail.bash_completion $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/firejail
install -c -m 0644 etc/firemon.bash_completion $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/firemon
uninstall:;
rm -f $(DESTDIR)/$(PREFIX)/bin/firejail
rm -f $(DESTDIR)/$(PREFIX)/bin/firemon
rm -fr $(DESTDIR)/$(PREFIX)/lib/firejail
rm -fr $(DESTDIR)/$(PREFIX)/share/doc/firejail
rm -f $(DESTDIR)/$(PREFIX)/share/man/man1/firejail.1*
rm -f $(DESTDIR)/$(PREFIX)/share/man/man1/firemon.1*
rm -f $(DESTDIR)/$(PREFIX)/share/man/man5/firejail-profile.5*
rm -f $(DESTDIR)/$(PREFIX)/share/man/man5/firejail-login.5*
rm -f $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/firejail
rm -f $(DESTDIR)/$(PREFIX)/share/bash-completion/completions/firemon
dist:
make distclean
rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.bz2
mkdir $(NAME)-$(VERSION)
cd $(NAME)-$(VERSION); cp -a ../src .; cp -a ../etc .; cp -a ../platform .; cp -a ../test .; rm -f src/tools/rvtest; rm -fr src/art; cd ..
cd $(NAME)-$(VERSION); cp -a ../configure .; cp -a ../configure.ac .; cp -a ../Makefile.in .; cp -a ../install.sh .; cp -a ../mkman.sh .; cp -a ../mkdeb.sh .;cd ..
cd $(NAME)-$(VERSION); cp -a ../COPYING .; cp -a ../README .; cp -a ../RELNOTES .; cd ..
cd $(NAME)-$(VERSION); rm -fr `find . -name .svn`; rm -fr $(NAME)-$(VERSION); cd ..
tar -cjvf $(NAME)-$(VERSION).tar.bz2 $(NAME)-$(VERSION)
rm -fr $(NAME)-$(VERSION)
deb: dist
./mkdeb.sh $(NAME) $(VERSION)
extras: all
$(MAKE) -C extras/firetools
\ No newline at end of file
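Review bot: The `login.users` guard in the `install` recipe tests `/etc/firejail/login.users` on the build host, while the file is installed under `$(DESTDIR)/etc/firejail`, so a staged or packaging install can silently omit the file depending on what the build machine happens to contain; the test should read `[ ! -f $(DESTDIR)/etc/firejail/login.users ]`. In the same recipe the SUID binary is installed as 0755 and then changed with a separate `chmod u+s`; `install -c -m 4755 src/firejail/firejail $(DESTDIR)/$(PREFIX)/bin/.` sets the mode in one step, and a comment should state that the setuid bit only has its intended effect when the installed file is owned by root. `dist` also calls a literal `make distclean` where the other recursive calls use `$(MAKE)`.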
Firejail is a SUID sandbox program that reduces the risk of security
breaches by restricting the running environment of untrusted applications
using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge and qBittorrent.
Firejail also expands the restricted shell facility found in bash by adding
Linux namespace support. It supports sandboxing specific users upon login.
Download: http://sourceforge.net/projects/firejail/files/
Build and install: ./configure && make && sudo make install
Documentation and support: http://firejail.sourceforge.net
License: GPL v2
Firejail Authors:
netblue30 (netblue30@yahoo.com)
Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
- user namespace implementation, ticket 10
Reiner Herrmann - a number of build patches, man page fixes (tickets 11, 12, 13, 19)
sshirokov (http://sourceforge.net/u/yshirokov/profile/)
- Patch to output "Reading profile" to stderr instead of stdout (ticket 15)
Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
- src/lib/libnetlink.c extracted from iproute2 software package
G4JC (http://sourceforge.net/u/gaming4jc/profile/)
- ARM support (ticket 17)
Copyright (C) 2014, 2015 Firejail Authors
firejail (0.9.28) baseline; urgency=low
* network scanning, --scan option
* interface MAC address support, --mac option
* IP address range, --iprange option
* traffic shaping, --bandwidth option
* reworked printing of network status at startup
* man pages rework
* added firejail-login man page
* added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
profiles
* added an /etc/firejail/disable-common.inc file to hold common directory
blacklists
* blacklist Opera and Chrome/Chromium config directories in profile files
* support noroot option for profile files
* enabled noroot in default profile files
* bugfixes
-- netblue30 <netblue30@yahoo.com> Sat, 1 Aug 2015 08:00:00 -0500
firejail (0.9.26) baseline; urgency=low
* private dev directory
* private.keep option for whitelisting home files in a new private directory
* user namespaces support, noroot option
* added Deluge and qBittorent profiles
* bugfixes
-- netblue30 <netblue30@yahoo.com> Thu, 30 Apr 2015 08:00:00 -0500
firejail (0.9.24) baseline; urgency=low
* whitelist and blacklist seccomp filters
* doubledash option
* --shell=none support
* netfilter file support in profile files
* dns server support in profile files
* added --dns.print option
* added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem.
* added --caps.drop=all in default profiles
* new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
* clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
* Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
* two build patches from Reiner Herman (tickets 11, 12)
* man page patch from Reiner Herman (ticket 13)
* output patch (ticket 15) from sshirokov
-- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500
firejail (0.9.22) baseline; urgency=low
* Replaced --noip option with --ip=none
* Container stdout logging and log rotation
* Added process_vm_readv, process_vm_writev and mknod to
* default seccomp blacklist
* Added CAP_MKNOD to default caps blacklist
* Blacklist and whitelist custom Linux capabilities filters
* macvlan device driver support for --net option
* DNS server support, --dns option
* Netfilter support
* Monitor network statistics, --netstats option
* Added profile for Mozilla Thunderbird/Icedove
* - --overlay support for Linux kernels 3.18+
* Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
* Bugfix: check uid/gid for cgroup
-- netblue30 <netblue30@yahoo.com> Mon, 9 Mar 2015 09:00:00 -0500
firejail (0.9.20) baseline; urgency=low
* utmp, btmp and wtmp enhancements
* create empty /var/log/wtmp and /var/log/btmp files in sandbox
* generate a new /var/run/utmp file in sandbox
* CPU affinity, --cpu option
* Linux control groups support, --cgroup option
* Opera web browser support
* VLC support
* Added "empty" attribute to seccomp command to remove the default
* syscall list form seccomp blacklist
* Added --nogroups option to disable supplementary groups for regular
* users. root user always runs without supplementary groups.
* firemon enhancements
* display the command that started the sandbox
* added --caps option to display capabilities for all sandboxes
* added --cgroup option to display the control groups for all sandboxes
* added --cpu option to display CPU affinity for all sandboxes
* added --seccomp option to display seccomp setting for all sandboxes
* New compile time options: --disable-chroot, --disable-bind
* bugfixes
-- netblue30 <netblue30@yahoo.com> Mon, 02 Feb 2015 08:00:00 -0500
firejail (0.9.18) baseline; urgency=low
* Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
* Support for tracing setreuid, setregid, setresuid, setresguid syscalls
* Added profiles for transmission-gtk and transmission-qt
* bugfixes
-- netblue30 <netblue30@yahoo.com> Fri, 25 Dec 2014 10:00:00 -0500
firejail (0.9.16) baseline; urgency=low
* Configurable private home directory
* Configurable default user shell
* Software configuration support for --docdir and DESTDIR
* Profile file support for include, caps, seccomp and private keywords
* Dropbox profile file
* Linux capabilities and seccomp filters enabled by default for Firefox,
Midori, Evince and Dropbox
* bugfixes
-- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500
firejail (0.9.14) baseline; urgency=low
* Linux capabilities and seccomp filters are automatically enabled in
chroot mode (--chroot option) if the sandbox is started as regular user
* Added support for user defined seccomp blacklists
* Added syscall trace support
* Added --tmpfs option
* Added --balcklist option
* Added --read-only option
* Added --bind option
* Logging enhancements
* --overlay option was reactivated
* Added firemon support to print the ARP table for each sandbox
* Added firemon support to print the route table for each sandbox
* Added firemon support to print interface information for each sandbox
* bugfixes
-- netblue30 <netblue30@yahoo.com> Tue, 15 Oct 2014 10:00:00 -0500
firejail (0.9.12.2) baseline; urgency=low
* Fix for pulseaudio problems
* --overlay option was temporarily disabled in this build
-- netblue30 <netblue30@yahoo.com> Mon, 29 Sept 2014 07:00:00 -0500
firejail (0.9.12.1) baseline; urgency=low
* Fix for pulseaudio problems
* --overlay option was temporarily disabled in this build
-- netblue30 <netblue30@yahoo.com> Mon, 22 Sept 2014 09:00:00 -0500
firejail (0.9.12) baseline; urgency=low
* Added capabilities support
* Added support for CentOS 7
* bugfixes
-- netblue30 <netblue30@yahoo.com> Mon, 15 Sept 2014 10:00:00 -0500
firejail (0.9.10) baseline; urgency=low
* Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot
* Fixed --top option CPU utilization calculation
* Implemented --tree option in firejail and firemon
* Implemented --join=name option
* Implemented --shutdown option
* Preserve the current working directory if possible
* Cppcheck and clang errors cleanup
* Added a Chromium web browser profile
-- netblue30 <netblue30@yahoo.com> Thu, 28 Aug 2014 07:00:00 -0500
firejail (0.9.8.1) baseline; urgency=low
* FIxed a number of bugs introduced in 0.9.8
-- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500
firejail (0.9.8) baseline; urgency=low
* Implemented nowrap mode for firejail --list command option
* Added --top option in both firejail and firemon
* seccomp filter support
* Added pid support for firemon
* bugfixes
-- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500
firejail (0.9.6) baseline; urgency=low
* Mounting tmpfs on top of /var/log, required by several server programs
* Server fixes for /var/lib and /var/cache
* Private mode fixes
* csh and zsh default shell support
* Chroot mode fixes
* Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd,
-- netblue30 <netblue30@yahoo.com> Sat, 7 Jun 2014 09:00:00 -0500
firejail (0.9.4) baseline; urgency=low
* Fixed resolv.conf on Ubuntu systems using DHCP
* Fixed resolv.conf on Debian systems using resolvconf package
* Fixed /var/lock directory
* Fixed /var/tmp directory
* Fixed symbolic links in profile files
* Added profiles for evince, midori
-- netblue30 <netblue30@yahoo.com> Sun, 4 May 2014 08:00:00 -0500
firejail (0.9.2) baseline; urgency=low
* Checking IP address passed with --ip option using ARP; exit if the address
is already present
* Using a lock file during ARP address assignment in order to removed a race
condition.
* Several fixes to --private option; it also mounts a tmpfs filesystem on top
of /tmp
* Added user access check for profile file
* Added --defaultgw option
* Added support of --noip option; it is necessary for DHCP setups
* Added syslog support
* Added support for "tmpfs" and "read-only" profile commands
* Added an expect-based testing framework for the project
* Added bash completion support
* Added support for multiple networks
-- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500
firejail (0.9) baseline; urgency=low
* First beta version
-- netblue30 <netblue30@yahoo.com> Sat, 12 Apr 2014 09:00:00 -0500
AC_PREREQ([2.68])
AC_INIT(firejail, 0.9.28, netblue30@yahoo.com, , http://firejail.sourceforge.net)
AC_CONFIG_SRCDIR([src/firejail/main.c])
#AC_CONFIG_HEADERS([config.h])
AC_PROG_CC
#AC_PROG_CXX
AC_PROG_INSTALL
AC_PROG_RANLIB
HAVE_SECCOMP=""
AC_ARG_ENABLE([seccomp],
AS_HELP_STRING([--disable-seccomp], [Disable seccomp]))
AS_IF([test "x$enable_seccomp" != "xno"], [
HAVE_SECCOMP="-DHAVE_SECCOMP"
AC_SUBST(HAVE_SECCOMP)
])
HAVE_CHROOT=""
AC_ARG_ENABLE([chroot],
AS_HELP_STRING([--disable-chroot], [Disable chroot]))
AS_IF([test "x$enable_chroot" != "xno"], [
HAVE_CHROOT="-DHAVE_CHROOT"
AC_SUBST(HAVE_CHROOT)
])
HAVE_BIND=""
AC_ARG_ENABLE([bind],
AS_HELP_STRING([--disable-bind], [Disable bind]))
AS_IF([test "x$enable_bind" != "xno"], [
HAVE_BIND="-DHAVE_BIND"
AC_SUBST(HAVE_BIND)
])
# checking pthread library
AC_CHECK_LIB([pthread], [main], [], AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER(pthread.h,,AC_MSG_ERROR([*** POSIX thread support not installed ***]))
AC_CHECK_HEADER([linux/seccomp.h], HAVE_SECCOMP_H="-DHAVE_SECCOMP_H", HAVE_SECCOMP_H="")
AC_SUBST(HAVE_SECCOMP_H)
AC_OUTPUT(Makefile src/lib/Makefile src/firejail/Makefile src/firemon/Makefile src/libtrace/Makefile src/ftee/Makefile)
echo
echo "Configuration options:"
echo " prefix: $prefix"
echo " seccomp: $HAVE_SECCOMP"
echo " <linux/seccomp.h>: $HAVE_SECCOMP_H"
echo " chroot: $HAVE_CHROOT"
echo " bind: $HAVE_BIND"
echo
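Review bot: A build configured with `--disable-seccomp`, or on a host without `<linux/seccomp.h>`, finishes with nothing more than an empty field in the closing summary, because the `echo` lines print the raw `-D` flag strings and the miss branch of `AC_CHECK_HEADER([linux/seccomp.h], …)` only sets `HAVE_SECCOMP_H=""`. For a SUID sandbox that deserves an explicit signal, for example `AS_IF([test "x$HAVE_SECCOMP_H" = "x"], [AC_MSG_WARN([linux/seccomp.h not found])])` after the header check and a yes/no value in the summary. How the C sources behave when `HAVE_SECCOMP` is defined without `HAVE_SECCOMP_H` is not visible here, so that combination should be confirmed. The `AC_SUBST` calls inside the `AS_IF` bodies also read as conditional, although autoconf registers the substitution either way; placing them next to the variable initialisation would be clearer.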
# Audacious profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
noroot
# Chromium browser profile
include /etc/firejail/chromium.profile
# Chromium browser profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc chromium
netfilter
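Review bot: This Chromium profile carries only `netfilter`, with none of the `caps.drop all` / `seccomp` / `noroot` lines that most other profiles in this commit use, and nothing in the file says why. If the omission is deliberate (presumably because Chromium's own sandbox needs privileges those options would remove), record it in the file, e.g. `# caps.drop/seccomp/noroot intentionally omitted: <reason>`. The same undocumented deviation appears in the dropbox profile (`caps` instead of `caps.drop all`) and in the Empathy profile (no `noroot`), so a reader cannot tell a considered exception from an oversight.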
# Clementine profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
noroot
# DeaDBeeF profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
noroot
# deluge profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
netfilter
noroot
blacklist ${HOME}/.adobe
blacklist ${HOME}/.macromedia
blacklist ${HOME}/.mozilla
blacklist ${HOME}/.icedove
blacklist ${HOME}/.thunderbird
blacklist ${HOME}/.config/midori
blacklist ${HOME}/.config/opera
blacklist ${HOME}/.config/chromium
blacklist ${HOME}/.config/google-chrome
blacklist ${HOME}/.filezilla
# system directories
blacklist /sbin
blacklist /usr/sbin
# system management
blacklist ${PATH}/umount
blacklist ${PATH}/mount
blacklist ${PATH}/fusermount
blacklist ${PATH}/su
blacklist ${PATH}/sudo
blacklist ${PATH}/xinput
blacklist ${PATH}/strace
# HOME directory
blacklist ${HOME}/.ssh
tmpfs ${HOME}/.gnome2_private
blacklist ${HOME}/.gnome2/keyrings
blacklist ${HOME}/kde4/share/apps/kwallet
blacklist ${HOME}/kde/share/apps/kwallet
blacklist ${HOME}/.pki/nssdb
blacklist ${HOME}/.gnupg
blacklist ${HOME}/.local/share/recently-used.xbel
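Review bot: The two kwallet entries, `blacklist ${HOME}/kde4/share/apps/kwallet` and `blacklist ${HOME}/kde/share/apps/kwallet`, appear to be missing the leading dot; KDE keeps its per-user data under `~/.kde4` and `~/.kde`, so as written these rules would not cover the wallet files. Every other per-user entry in this list points at a dot directory. Suggested lines: `blacklist ${HOME}/.kde4/share/apps/kwallet` and `blacklist ${HOME}/.kde/share/apps/kwallet`.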
# dropbox profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps
seccomp
noroot
# Empathy profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
# evince profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc
caps.drop all
seccomp
netfilter
noroot
# FileZilla profile
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc .filezilla
caps.drop all
seccomp
noroot
netfilter
# Firejail profile for Mozilla Firefox (Iceweasel in Debian)
include /etc/firejail/disable-mgmt.inc
include /etc/firejail/disable-secret.inc
include /etc/firejail/disable-common.inc .mozilla
caps.drop all
seccomp
netfilter
noroot
# bash completion for firejail -*- shell-script -*-
#********************************************************************
# Script based on completions/configure script in bash-completion package in
# Debian. The original package is release under GPL v2 license, the webpage is
# http://bash-completion.alioth.debian.org
#*******************************************************************
__interfaces(){
cut -f 1 -d ':' /proc/net/dev | tail -n +3 | grep -v lo | xargs
}
_firejail()
{
local cur prev words cword split
_init_completion -s || return
case $prev in
--help|--version|-debug-caps|--debug-syscalls|--list|--tree|--top|--join|--shutdown)
return 0
;;
--profile)
_filedir
return 0
;;
--chroot)
_filedir -d
return 0
;;
--cgroup)
_filedir -d
return 0
;;
--tmpfs)
_filedir
return 0
;;
--blacklist)
_filedir
return 0
;;
--read-only)
_filedir
return 0
;;
--bind)
_filedir
return 0
;;
--private)
_filedir
return 0
;;
--shell)
_filedir
return 0
;;
--net)
comps=$(__interfaces)
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
return 0
;;
esac
$split && return 0
# if $COMP_CONFIGURE_HINTS is not null, then completions of the form