<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
	<maintainer type="person">
		<email>aidecoe@gentoo.org</email>
		<name>Amadeusz Żołnowski</name>
	</maintainer>
	<longdescription lang="en">
		Firejail is a SUID program that reduces the risk of security breaches
		by restricting the running environment of untrusted applications using
		Linux namespaces and seccomp-bpf. It allows a process and all its
		descendants to have their own private view of the globally shared
		kernel resources, such as the network stack, process table, and mount
		table.

		This is the bleeding-edge branch. For the long-term support version, see
		sys-apps/firejail-lts.
	</longdescription>
	<upstream>
		<remote-id type="sourceforge">firejail</remote-id>
	</upstream>
	<!-- Optional build-time features, one flag element per USE flag.
	     The package description calls firejail a SUID program, so every
	     flag enabled here adds functionality to a privileged binary;
	     review the set with that in mind. -->
	<use>
		<flag name="apparmor">Enable support for custom AppArmor
			profiles</flag>
		<flag name="bind">Enable custom bind mounts</flag>
		<flag name="chroot">Enable chrooting to custom directory</flag>
		<flag name="contrib">Install contrib scripts</flag>
		<!-- Per its description, this flag allows data to move between
		     sandboxes and the host system. -->
		<flag name="file-transfer">Enable file transfers between sandboxes and
			the host system</flag>
		<flag name="network">Enable networking features</flag>
		<!-- Hardening option: the listed network options become root-only
		     and regular users keep only net=none. Presumably only
		     meaningful together with the "network" flag; confirm against
		     the ebuild. -->
		<flag name="network-restricted">Grant access to --interface,
			--net=ethXXX and --netfilter only to root user; regular users are
			only allowed --net=none</flag>
		<!-- seccomp-bpf is one of the two restriction mechanisms named in
		     the package description (the other is Linux namespaces).
		     With this flag off the filtering is presumably not built in;
		     confirm against the ebuild. -->
		<flag name="seccomp">Enable system call filtering</flag>
		<!-- Backs the noroot option named in the flag text. -->
		<flag name="userns">Enable attaching a new user namespace to a
			sandbox (--noroot option)</flag>
		<flag name="x11">Enable X11 sandboxing</flag>
	</use>
</pkgmetadata>