| 123456789101112131415161718192021222324252627282930313233343536373839 |
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
- <pkgmetadata>
- <maintainer type="person">
- <email>aidecoe@gentoo.org</email>
- <name>Amadeusz Żołnowski</name>
- </maintainer>
- <longdescription lang="en">
- Firejail is a SUID program that reduces the risk of security breaches
- by restricting the running environment of untrusted applications using
- Linux namespaces and seccomp-bpf. It allows a process and all its
- descendants to have their own private view of the globally shared
- kernel resources, such as the network stack, process table, mount
- table.
- This is bleeding edge branch. For long term support version see
- sys-apps/firejail-lts.
- </longdescription>
- <upstream>
- <remote-id type="sourceforge">firejail</remote-id>
- </upstream>
- <use>
- <flag name="apparmor">Enable support for custom AppArmor
- profiles</flag>
- <flag name="bind">Enable custom bind mounts</flag>
- <flag name="chroot">Enable chrooting to custom directory</flag>
- <flag name="file-transfer">Enable file transfers between sandboxes and
- the host system</flag>
- <flag name="network">Enable networking features</flag>
- <flag name="network-restricted">Grant access to --interface,
- --net=ethXXX and --netfilter only to root user; regular users are
- only allowed --net=none</flag>
- <flag name="seccomp">Enable system call filtering</flag>
- <flag name="userns">Enable attaching a new user namespace to a
- sandbox (--noroot option)</flag>
- <flag name="x11">Enable X11 sandboxing</flag>
- </use>
- </pkgmetadata>
|
