sys-apps / firejail

Security sandbox for any type of processes

Official package sites : https://firejail.wordpress.com/

Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. This is the regular version. For a long term support version see sys-apps/firejail-lts.

v9999 :: 0 :: gentoo

License
GPL-2
USE flags
apparmor chroot contrib debug file-transfer globalcfg network overlayfs private-home seccomp suid test userns vim-syntax whitelist x11

v0.9.60-r1 :: 0 :: gentoo

License
GPL-2
Keywords
~amd64 ~x86
USE flags
apparmor chroot contrib debug file-transfer globalcfg network overlayfs private-home seccomp suid test userns vim-syntax whitelist x11

v0.9.50 :: 0 :: gentoo

License
GPL-2
Keywords
amd64 ~x86
USE flags
apparmor bind chroot contrib file-transfer network network-restricted seccomp userns x11

General

apparmor
Enable support for custom AppArmor profiles
bind
Enable custom bind mounts
chroot
Enable chrooting to custom directory
contrib
Install contrib scripts
debug
Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
file-transfer
Enable file transfers between sandboxes and the host system
globalcfg
Enable global config file
network
Enable networking features
network-restricted
Grant access to --interface, --net=ethXXX and --netfilter only to root user; regular users are only allowed --net=none
overlayfs
Enable overlayfs
private-home
Enable private home feature
seccomp
Enable system call filtering
suid
Enable setuid root program, with potential security risks
test
Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
userns
Enable attaching a new user namespace to a sandbox (--noroot option)
vim-syntax
Pulls in related vim syntax scripts
whitelist
Enable whitelist
x11
Enable X11 sandboxing

dev-tcltk / expect : tool for automating interactive applications

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

sys-libs / libapparmor : Library to support AppArmor userspace utilities

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

sys-libs / libapparmor : Library to support AppArmor userspace utilities

x11-wm / xpra : X Persistent Remote Apps (xpra) and Partitioning WM (parti) based on wimpiggy

sys-apps / firejail-lts : Security sandbox for any type of processes; LTS version

571558
sys-apps/firejail: add dnscrypt, unbound init script wrappers
663784
=sys-apps/firejail-0.9.54[-suid] Error mkdir: util.c:931 create_empty_dir_as_root: Permission denied
687108
<sys-apps/firejail-0.9.60-r1 <sys-apps/firejail-lts-0.9.56.2-r1: unauthorized disclosure of information (shutdown.c)
687612
<sys-apps/firejail-0.9.60-r1 <sys-apps/firejail-lts-0.9.56.2-r1: unauthorized disclosure of information (runtime seccomp files)
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: added live ebuild
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: remove old
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: [QA] fix compressed man pages
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: metadata changed upstream
Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.69, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
sys-apps/firejail: [QA] fix sed calls
Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Mikle Kolyada · gentoo
sys-apps/firejail: QA fixes
Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Mikle Kolyada <zlogene@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Dennis Lamm · gentoo
sys-apps/firejail: bump 0.9.60
Bug: https://bugs.gentoo.org/656360 Bug: https://bugs.gentoo.org/678976 Signed-off-by: Dennis Lamm <expeditioneer@gentoo.org> Package-Manager: Portage-2.3.66, Repoman-2.3.16
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Piotr Żołnowski · gentoo
sys-apps/firejail: Prepare for xpra removal
Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Amadeusz Piotr Żołnowski · gentoo
sys-apps/firejail: Remove older versions
Leave only latest stable and testing versions. Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Bug: https://bugs.gentoo.org/668178 Signed-off-by: Amadeusz Piotr Żołnowski <aidecoe@gentoo.org>
Repository mirror & CI · gentoo
Merge updates from master
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.24, Repoman-2.3.6
Tobias Klausmann · gentoo
sys-apps/firejail-0.9.50-r0: amd64 stable
Gentoo-Bug: http://bugs.gentoo.org/639340
Thomas Deutschmann · gentoo
sys-apps/firejail: keyworded for x86 (bug #595208)
Package-Manager: Portage-2.3.16, Repoman-2.3.6
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.8, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Restrict test
Some tests require super user privileges, some require Xorg, etc. Test is not suitable to run from ebuild. Gentoo-Bug: 620118 Package-Manager: Portage-2.3.8, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 622540 Package-Manager: Portage-2.3.7, Repoman-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 6201180 Package-Manager: Portage-2.3.5, Repoman-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: Portage-2.3.5, Repoman-2.3.2
Robin H. Johnson · gentoo
Drop $Id$ per council decision in bug #611234.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable version
Gentoo-Bug: 607382 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #607382
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Don't install license file
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 607382 Package-Manager: Portage-2.3.3, Repoman-2.3.1
T. Malfatti · gentoo
media-libs/portaudio: Version bump
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable version
Gentoo-Bug: 604758 Package-Manager: Portage-2.3.3, Repoman-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #604758
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Sebastian Pipping · gentoo
sys-apps/firejail: 0.9.44.4 (bug #604758)
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Block firejail-lts rather than itself
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail-lts: Move LTS version to separate package
Having it in a separate package makes it easier for users to follow LTS branch of firejail. Before that users had to mask older versions to test LTS. It's better than having it slotted because portage by default picks up latest version from any slot and user would have to explicitly install particular slot. Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove older LTS version
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump LTS version
It includes security bug fix back-ported to 0.9.38.4. Package-Manager: Portage-2.3.3, Repoman-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Backport security fix to 0.9.38.4
Gentoo-Bug: 601994 Package-Manager: portage-2.3.3
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove vulnerable stable version
Gentoo-Bug: 601994 Package-Manager: portage-2.3.3
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #601994
Package-Manager: portage-2.3.0 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove the vulnerable version
Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
0.9.44.2 is a maintenance and security release for version 0.9.44. Gentoo-Bug: 601994 Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove busybox flag
Busybox workaround is only meant for busybox-based systems. Gentoo-Bug: 597910 Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump LTS version to 0.9.38.4
0.9.38.4 addresses CVE-2016-7545. Package-Manager: portage-2.3.2
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove versions with potential security failures
See news from September 2016 at <https://firejail.wordpress.com/>. Package-Manager: portage-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #593710
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove older revision of 0.9.40
Package-Manager: portage-2.3.1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Remove oldest version
Package-Manager: portage-2.3.1
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #588258
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version to 0.9.42
Package-Manager: portage-2.3.0
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Add version 0.9.38.2
It comes with security fixes. 0.9.38 is stable, therefore this one should be stabilized ASAP. Package-Manager: portage-2.3.0
Agostino Sarubbo · gentoo
sys-apps/firejail: amd64 stable wrt bug #584376
Package-Manager: portage-2.2.28 RepoMan-Options: --include-arches="amd64" Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Correct deps for X11
It requires xpra both server and client. Package-Manager: portage-2.3.0_rc1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Allow compile time configuration
Networking features and most Linux kernel security features require root privileges during configuration. Firejail (as a SUID binary) opens the access to these features, therefore it may be desired to turn off some of the features at compile time. Bump EAPI to 6. Depend on x11-wm/xpra for X11 sandboxing feature. Package-Manager: portage-2.3.0_rc1
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Package-Manager: portage-2.3.0_rc1
Mike Frysinger · gentoo
sys-apps/firejail: respect build settings
Mike Frysinger · gentoo
sys-apps/firejail: fix build w/newer glibc #580390
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Downgrade EAPI to 5
Ebuild with EAPI 6 cannot be stabilized. Package-Manager: portage-2.2.27
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Bump version
Gentoo-Bug: 574258 Package-Manager: portage-2.2.27
Amadeusz Żołnowski · gentoo
sys-apps/firejail: Add new package
Package-Manager: portage-2.2.26