MX 17/18 Repository: The Firejail/Firetools Thread

Post by Stevo » Tue Jan 29, 2019 7:51 pm

Firejail and its Qt GUI, firetools, 0.9.58 are now available in the test repo.
Firejail is a SUID security sandbox program that reduces the risk of
security breaches by restricting the running environment of untrusted
applications using Linux namespaces and seccomp-bpf. It allows a
process and all its descendants to have their own private view of the
globally shared kernel resources, such as the network stack, process
table, mount table.
Changes in this release include:

Code:

  * --disable-mnt rework
  * --net.print command
  * GitLab CI/CD integration: disto specific builds
  * profile parser enhancements and conditional handling support
     for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F
  * profile name support
  * added explicit nonewprivs support to join option
  * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
  * new profiles: devilspie, devilspie2, easystroke, github-desktop, min
  * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
  * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
  * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
  * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
  * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
  * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie
  * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
  * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland
  * new profiles: supertuxkart, ghostwriter, gajim-history-manager
  * bugfixes
Please let us know how it installs and performs if you give it a try. Thanks!

Post by philotux » Tue Jan 29, 2019 9:44 pm

Upgrade to firejail 0.9.58 went fine here (I don't use firetools). It seems to be working well with the few apps I have sandboxed so far. The install process gave me the option to keep a modified profile (cliqz.profile). So far so good:

Code:

firejail --list

29597:philotux::firejail gradio
30918:philotux::firejail firefox -P
30440:philotux::firejail /usr/bin/chromium --proxy-server=127.0.0.1:8118 
31546:philotux::firejail cherrytree 
31916:philotux:keepassxc:firejail keepassxc 
32432:philotux::firejail /usr/bin/thunderbird 
32692:philotux::firejail python /usr/lib/python2.7/dist-packages/youtube_dl_gui/__main__.py 
8328:philotux::firejail cliqz -P
2262:philotux::firejail mpv --player-operation-mode=pseudo-gui --
2687:philotux::firejail /usr/bin/vlc --started-from-file
3152:philotux::firejail audacious  

Thank you!
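
An added example, not part of the thread and not Firejail's own code: a parser for the `firejail --list` output format shown in the post above (`pid:user:name:command`). It splits on the first three colons only, so a colon inside the command, as in the `--proxy-server=127.0.0.1:8118` line, stays intact. The function and field names are assumptions chosen for illustration, and the sample lines are taken from the listing above.

```python
"""Parse `firejail --list` output (pid:user:name:command) for a quick audit."""
from os.path import basename
from typing import List, NamedTuple


class Sandbox(NamedTuple):
    pid: int
    user: str
    name: str      # empty when the sandbox has no name
    command: str   # full command line; may itself contain ':'


def parse_list(output: str) -> List[Sandbox]:
    sandboxes = []
    for line in output.splitlines():
        # Only the first three ':' separate fields; anything after that
        # belongs to the command (e.g. --proxy-server=127.0.0.1:8118).
        parts = line.strip().split(":", 3)
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # blank line or something that is not a sandbox entry
        pid, user, name, command = parts
        sandboxes.append(Sandbox(int(pid), user, name, command.strip()))
    return sandboxes


def sandboxed_program(sb: Sandbox) -> str:
    """Basename of the program firejail was asked to run.

    Assumption: firejail's own options are written as -x or --opt=value,
    so the first argument not starting with '-' is the program.
    """
    for arg in sb.command.split()[1:]:   # [0] is "firejail" itself
        if not arg.startswith("-"):
            return basename(arg)
    return ""


def unnamed(sandboxes: List[Sandbox]) -> List[Sandbox]:
    """Sandboxes with an empty name field, addressable only by PID."""
    return [sb for sb in sandboxes if not sb.name]


# Sample input: four lines from the listing in the post above.
SAMPLE = """\
29597:philotux::firejail gradio
30440:philotux::firejail /usr/bin/chromium --proxy-server=127.0.0.1:8118
31916:philotux:keepassxc:firejail keepassxc
32692:philotux::firejail python /usr/lib/python2.7/dist-packages/youtube_dl_gui/__main__.py
"""

if __name__ == "__main__":
    for sb in parse_list(SAMPLE):
        print(sb.pid, sb.name or "(unnamed)", sandboxed_program(sb))
```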

Post by Stevo » Mon Feb 11, 2019 3:21 pm

Now updated to the latest 0.9.58.2 in the test repo.
Changes in Firejail and the configuration from Debian include:

- new global configuration flag (name-change) that allows disabling
  automatic renaming of sandboxes, if requested name already exists
  (Closes: #920768)
- whitelist additional files in zoom profile
  Thanks to Patrik Flykt for the patch. (Closes: #921454)
* Drop patch applied upstream.
* Switch off cgroup support by default in firejail.config, as it can be
  used to move processes into less restricted cgroups (see also #916920).
* Install AppArmor local override file via dh_apparmor.
