diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /sys-apps/firejail/metadata.xml |
reinit the tree, so we can have metadata
Diffstat (limited to 'sys-apps/firejail/metadata.xml')
-rw-r--r-- | sys-apps/firejail/metadata.xml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/sys-apps/firejail/metadata.xml b/sys-apps/firejail/metadata.xml new file mode 100644 index 000000000000..395160fe3935 --- /dev/null +++ b/sys-apps/firejail/metadata.xml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>aidecoe@gentoo.org</email> + <name>Amadeusz Żołnowski</name> + </maintainer> + <longdescription lang="en"> + Firejail is a SUID program that reduces the risk of security breaches + by restricting the running environment of untrusted applications using + Linux namespaces and seccomp-bpf. It allows a process and all its + descendants to have their own private view of the globally shared + kernel resources, such as the network stack, process table, mount + table. + + This is bleeding edge branch. For long term support version see + sys-apps/firejail-lts. + </longdescription> + <upstream> + <remote-id type="sourceforge">firejail</remote-id> + </upstream> + <use> + <flag name="apparmor">Enable support for custom AppArmor + profiles</flag> + <flag name="bind">Enable custom bind mounts</flag> + <flag name="chroot">Enable chrooting to custom directory</flag> + <flag name="contrib">Install contrib scripts</flag> + <flag name="file-transfer">Enable file transfers between sandboxes and + the host system</flag> + <flag name="network">Enable networking features</flag> + <flag name="network-restricted">Grant access to --interface, + --net=ethXXX and --netfilter only to root user; regular users are + only allowed --net=none</flag> + <flag name="seccomp">Enable system call filtering</flag> + <flag name="userns">Enable attaching a new user namespace to a + sandbox (--noroot option)</flag> + <flag name="x11">Enable X11 sandboxing</flag> + </use> +</pkgmetadata> |