sys-apps/firejail/metadata.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
	<maintainer type="person">
		<email>aidecoe@gentoo.org</email>
		<name>Amadeusz Żołnowski</name>
	</maintainer>
	<longdescription lang="en">
		Firejail is a SUID program that reduces the risk of security breaches
		by restricting the running environment of untrusted applications using
		Linux namespaces and seccomp-bpf. It allows a process and all its
		descendants to have their own private view of the globally shared
		kernel resources, such as the network stack, process table, mount
		table.
	</longdescription>
	<upstream>
		<remote-id type="sourceforge">firejail</remote-id>
	</upstream>
	<use>
		<flag name="apparmor">Enable support for custom AppArmor
			profiles</flag>
		<flag name="bind">Enable custom bind mounts</flag>
		<flag name="chroot">Enable chrooting to custom directory</flag>
		<flag name="file-transfer">Enable file transfers between sandboxes and
			the host system</flag>
		<flag name="network">Enable networking features</flag>
		<flag name="network-restricted">Grant access to --interface,
			--net=ethXXX and --netfilter only to root user; regular users are
			only allowed --net=none</flag>
		<flag name="seccomp">Enable system call filtering</flag>
		<flag name="userns">Enable attaching a new user namespace to a
			sandbox (--noroot option)</flag>
		<flag name="x11">Enable X11 sandboxing</flag>
	</use>
</pkgmetadata>