|
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
|
|
|
<pkgmetadata>
|
|
|
|
<maintainer type="person">
|
|
|
|
<email>hlein@korelogic.com</email>
|
|
|
|
<name>Hank Leininger</name>
|
|
|
|
</maintainer>
|
|
|
|
<maintainer type="project">
|
|
|
|
<email>proxy-maint@gentoo.org</email>
|
|
|
|
<name>Proxy Maintainers</name>
|
|
|
|
</maintainer>
|
|
|
|
<longdescription lang="en">
|
|
|
|
Firejail is a SUID program that reduces the risk of security breaches by restricting the running environment of
|
|
|
|
untrusted applications using Linux namespaces and seccomp-bpf. It allows a process and all its descendants to
|
|
|
|
have their own private view of the globally shared kernel resources, such as the network stack, process table,
|
|
|
|
mount table.
|
|
|
|
|
|
|
|
This is the regular version. For a long term support version see sys-apps/firejail-lts.
|
|
|
|
</longdescription>
|
|
|
|
<upstream>
|
|
|
|
<remote-id type="cpe">cpe:/a:firejail_project:firejail</remote-id>
|
|
|
|
<remote-id type="github">netblue30/firejail</remote-id>
|
|
|
|
</upstream>
|
|
|
|
<use>
|
|
|
|
<flag name="apparmor">Enable support for custom AppArmor profiles</flag>
|
|
|
|
<flag name="chroot">Enable chrooting to custom directory</flag>
|
|
|
|
<flag name="contrib">Install contrib scripts</flag>
|
|
|
|
<flag name="dbusproxy">Enable DBus proxying to filter access in supporting profiles</flag>
|
|
|
|
<flag name="file-transfer">Enable file transfers between sandboxes and the host system</flag>
|
|
|
|
<flag name="globalcfg">Enable global config file</flag>
|
|
|
|
<flag name="network">Enable networking features</flag>
|
|
|
|
<flag name="overlayfs">Enable overlayfs</flag>
|
|
|
|
<flag name="private-home">Enable private home feature</flag>
|
|
|
|
<flag name="seccomp">Enable system call filtering</flag>
|
|
|
|
<flag name="userns">Enable attaching a new user namespace to a sandbox (--noroot option)</flag>
|
|
|
|
<flag name="whitelist">Enable whitelist</flag>
|
|
|
|
<flag name="x11">Enable X11 sandboxing</flag>
|
|
|
|
</use>
|
|
|
|
</pkgmetadata>
|