firejail --version
firejail version 0.9.59
Compile time support:
- AppArmor support is disabled
- AppImage support is enabled
- chroot support is enabled
- file and directory whitelisting support is enabled
- file transfer support is enabled
- networking support is enabled
- overlayfs support is enabled
- private-home support is enabled
- seccomp-bpf support is enabled
- user namespace support is enabled
- X11 sandboxing support is enabled
sudo firecfg
Removing all firejail symlinks:
Configuring symlinks in /usr/local/bin based on firecfg.config
ark created
asunder created
atril created
atril-previewer created
atril-thumbnailer created
audacious created
baloo_file created
baloo_filemetadata_temp_extractor created
brasero created
catfish created
chromium-browser created
conky created
cvlc created
dig created
display created
dnscrypt-proxy created
dnsmasq created
dolphin created
enchant created
enchant-lsmod created
engrampa created
eog created
epiphany created
evince created
evince-previewer created
evince-thumbnailer created
exiftool created
falkon created
fbreader created
ffmpeg created
file-roller created
firefox created
flameshot created
gedit created
ghb created
gimp created
gimp-2.8 created
gjs created
globaltime created
gnome-font-viewer created
google-chrome created
google-chrome-stable created
gthumb created
gucharmap created
gwenview created
hugin created
k3b created
kodi created
less created
liferea created
lximage-qt created
masterpdfeditor5 created
mate-calc created
mate-calculator created
mediainfo created
meld created
mousepad created
mplayer created
mpv created
obs created
okular created
opera created
orage created
palemoon created
parole created
patch created
pdftotext created
pidgin created
polari created
qbittorrent created
qlipper created
qmmp created
qpdfview created
ristretto created
scribus created
[b][i]Warning: cannot create /usr/local/bin/signal-desktop - already exists! Skipping...[/i][/b]
simple-scan created
skanlite created
skypeforlinux created
slack created
smplayer created
smtube created
soundconverter created
ssh created
strings created
thunderbird created
torbrowser-launcher created
transmission-gtk created
vivaldi created
vivaldi-stable created
vlc created
wget created
whois created
xcalc created
xfburn created
xfce4-dict created
xfce4-notes created
[b][i]Warning: cannot create /usr/local/bin/youtube-dl - already exists! Skipping...[/i][/b]
Adding user YYY to Firejail access database in /usr/local/etc/firejail/firejail.users
Creating /usr/local/etc/firejail/firejail.users
Fixing desktop files in /home/YYY/.local/share/applications
masterpdfeditor5.desktop created
vlc.desktop created
skypeforlinux.desktop created
org.gnome.Polari.desktop created
catfish.desktop created
vivaldi-stable.desktop created
org.gnome.Nautilus.desktop created
google-chrome.desktop created
org.gnome.gedit.desktop created
net.sourceforge.liferea.desktop created
Modifié en dernier par Serpolet le 12 févr. 2019, 13:27, modifié 1 fois.
apparmor
# Ubuntu 18.04 uses its own apparmor profile
# uncomment the next line if you are not on Ubuntu
#apparmor
caps.drop all
machine-id
netfilter
#nodbus
nodvd
nogroups
nonewprivs
#nonewprivs - fix for Ubuntu 18.04/Debian 10
noroot
notv
protocol unix,inet,inet6
seccomp
#protocol unix,inet,inet6 - fix for Ubuntu 18.04/Debian 10
#seccomp - fix for Ubuntu 18.04/Debian 10
shell none
tracelog
#tracelog - problems reported by Ubuntu 18.04 apparmor profile in /var/log/syslog
##########
# D-Bus is a huge security hole. Uncomment those lines if you need D-Bus
# functionality.
# Allow D-Bus access. It may negatively affect security. Comment those lines or
# use 'nodbus' option in profile if you don't need D-Bus functionality.
##########
##include <abstractions/dbus-strict>
##include <abstractions/dbus-session-strict>
#dbus,
#include <abstractions/dbus-strict>
#include <abstractions/dbus-session-strict>
dbus,
##########
# With ptrace it is possible to inspect and hijack running programs. Usually this
./autogen.sh
...
checking for doxygen... /usr/bin/doxygen
configure: error: dot not found in $PATH but doxygen defaults to HAVE_DOT=YES; install graphviz or disable its use via --without-doxygen
Error running configure at ./autogen.sh line 300.
$ ./autogen.sh --without-doxygen
.....
configure: error: could not find function 'krb5_sendauth' required for Kerberos 5
Error running configure at ./autogen.sh line 300.
./autogen.sh --without-doxygen
.....
****************************************************************************
To build, run:
/usr/bin/make
To view some help, run:
/usr/bin/make help
After the build of LibreOffice has finished successfully, you can immediately run LibreOffice using the command:
instdir/program/soffice
If you want to run the smoketest, run:
/usr/bin/make check
*************************************
* WARNING : JAVA_HOME was not explicitly informed with --with-jdk-home. the configure script
* WARNING : attempted to find JAVA_HOME automatically, but apparently it failed
* WARNING : in case JAVA_HOME is incorrectly set, some projects will not be built correctly
* WARNING : no suitable nasm (Netwide Assembler) found for internal libjpeg-turbo