blob: 395160fe39358c897d5ebabb129f5992bd66c6d7 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>aidecoe@gentoo.org</email>
<name>Amadeusz Żołnowski</name>
</maintainer>
<longdescription lang="en">
Firejail is a SUID program that reduces the risk of security breaches
by restricting the running environment of untrusted applications using
Linux namespaces and seccomp-bpf. It allows a process and all its
descendants to have their own private view of the globally shared
kernel resources, such as the network stack, process table, mount
table.
This is bleeding edge branch. For long term support version see
sys-apps/firejail-lts.
</longdescription>
<upstream>
<remote-id type="sourceforge">firejail</remote-id>
</upstream>
<use>
<flag name="apparmor">Enable support for custom AppArmor
profiles</flag>
<flag name="bind">Enable custom bind mounts</flag>
<flag name="chroot">Enable chrooting to custom directory</flag>
<flag name="contrib">Install contrib scripts</flag>
<flag name="file-transfer">Enable file transfers between sandboxes and
the host system</flag>
<flag name="network">Enable networking features</flag>
<flag name="network-restricted">Grant access to --interface,
--net=ethXXX and --netfilter only to root user; regular users are
only allowed --net=none</flag>
<flag name="seccomp">Enable system call filtering</flag>
<flag name="userns">Enable attaching a new user namespace to a
sandbox (--noroot option)</flag>
<flag name="x11">Enable X11 sandboxing</flag>
</use>
</pkgmetadata>
|