38 lines
1.5 KiB
XML
38 lines
1.5 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
|
<pkgmetadata>
|
|
<maintainer type="person">
|
|
<email>aidecoe@gentoo.org</email>
|
|
<name>Amadeusz Żołnowski</name>
|
|
</maintainer>
|
|
<longdescription lang="en">
|
|
Firejail is a SUID program that reduces the risk of security breaches
|
|
by restricting the running environment of untrusted applications using
|
|
Linux namespaces and seccomp-bpf. It allows a process and all its
|
|
descendants to have their own private view of the globally shared
|
|
kernel resources, such as the network stack, process table, mount
|
|
table.
|
|
|
|
This is bleeding edge branch. For long term support version see
|
|
sys-apps/firejail-lts.
|
|
</longdescription>
|
|
<upstream>
|
|
<remote-id type="sourceforge">firejail</remote-id>
|
|
</upstream>
|
|
<use>
|
|
<flag name="apparmor">Enable support for custom AppArmor
|
|
profiles</flag>
|
|
<flag name="bind">Enable custom bind mounts</flag>
|
|
<flag name="chroot">Enable chrooting to custom directory</flag>
|
|
<flag name="file-transfer">Enable file transfers between sandboxes and
|
|
the host system</flag>
|
|
<flag name="network">Enable networking features</flag>
|
|
<flag name="network-restricted">Grant access to --interface,
|
|
--net=ethXXX and --netfilter only to root user; regular users are
|
|
only allowed --net=none</flag>
|
|
<flag name="seccomp">Enable system call filtering</flag>
|
|
<flag name="userns">Enable attaching a new user namespace to a
|
|
sandbox (--noroot option)</flag>
|
|
<flag name="x11">Enable X11 sandboxing</flag>
|
|
</use>
|
|
</pkgmetadata>
|