aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorRahiel Kasim <rahielkasim@gmail.com>2017-02-01 15:45:00 +0100
committerRahiel Kasim <rahielkasim@gmail.com>2017-02-01 15:48:34 +0100
commit7836369eb20c130d0ace92e0493bb3279800aed0 (patch)
treea7a4cd6fd09f654a0a4850713208234e61b2d888
parent5899e131e44e6bc4b96e013021fbbc331e6a69fb (diff)
readme and packaging update, release 1.0.11.0.1
-rw-r--r--README.md36
-rwxr-xr-xfirectl.py7
-rwxr-xr-xrelease/make-deb.bash12
3 files changed, 33 insertions, 22 deletions
diff --git a/README.md b/README.md
index 83ed325..555045b 100644
--- a/README.md
+++ b/README.md
@@ -3,17 +3,13 @@ Firectl
[![License](https://img.shields.io/badge/License-GPLv2+-blue.svg)](https://github.com/rahiel/firectl/blob/master/LICENSE.txt)
-**Note**: Firejail 0.9.38 has a convenient
-[symlink invocation feature](https://l3net.wordpress.com/2016/02/04/firejail-0-9-38-release-announcement/)
-to integrate firejail in the desktop.
-
Firectl is a tool to integrate [firejail](https://firejail.wordpress.com/)
sandboxing in the Linux desktop. Enable firejail for an application and enjoy a
more secure desktop.
# Usage
-To see which applications can be enabled:
+To see which applications you can enable:
``` bash
firectl status
```
@@ -28,9 +24,22 @@ To disable firejail for a program:
sudo firectl disable firefox
```
-# Ubuntu/Debian
+After enabling a program, it will start within a firejail when launched via the
+menu or the file manager. To test if it's working: open a terminal and execute
+`watch firejail --list`. This lists all active firejail sandboxes. Then start an
+enabled application and look for it in that terminal. Note that applications
+launched from the terminal or from scripts will not be in a firejail, unless
+explicitly done so.
+
+# Alternative
+
+Firectl was made before Firejail had its own tool for desktop integration. Now
+firejail ships with a tool called `firecfg`. Look at its manual: `man firecfg`
+and decide if you still need firectl or if firecfg is enough.
+
+# Debian/Ubuntu
-For Ubuntu and Debian systems install the deb at
+For Debian and Ubuntu systems install the deb at
<https://github.com/rahiel/firectl/releases>.
# Other distro's
@@ -40,7 +49,9 @@ For Ubuntu and Debian systems install the deb at
Firectl works by modifying the system's desktop files, the files that tell the
system which user applications are installed and how to run them. When these
applications are updated, the desktop files are also updated, disabling
-firejail. The firectl settings need to be restored.
+firejail. The firectl settings need to be restored. (Note that for Debian/Ubuntu
+systems, installing the deb file takes care of this and no manual restoring is
+necessary.)
For now you have to manually restore firejail settings after upgrades:
``` bash
@@ -62,3 +73,12 @@ sudo firectl disable all
sudo pip3 uninstall firectl
sudo rm /etc/firejail/firectl.conf
```
+
+# More security
+
+If you require even more security, the next sensible step is to use an operating
+system that is built from the ground-up with security in mind. Notable examples
+are [Subgraph OS][] and [Qubes OS][].
+
+[Subgraph OS]: https://subgraph.com/sgos/index.en.html
+[Qubes OS]: https://www.qubes-os.org/
diff --git a/firectl.py b/firectl.py
index 0e4ee18..d7c45d0 100755
--- a/firectl.py
+++ b/firectl.py
@@ -1,5 +1,4 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
+#!/usr/bin/env python3
# firectl - integrate firejail sandboxing in the Linux desktop
# Copyright (C) 2015-2017 Rahiel Kasim
#
@@ -21,7 +20,7 @@ from difflib import get_close_matches
import click
-__version__ = "1.0"
+__version__ = "1.0.1"
profile_path = "/etc/firejail/"
@@ -206,5 +205,5 @@ def restore():
enable.callback(conf, update_config=False)
-if __name__ == '__main__':
+if __name__ == "__main__":
cli()
diff --git a/release/make-deb.bash b/release/make-deb.bash
index 2dee346..6b2f82f 100755
--- a/release/make-deb.bash
+++ b/release/make-deb.bash
@@ -1,21 +1,13 @@
#!/usr/bin/env bash
-OS=$1
-
-if [[ $OS = 'debian' ]]; then
- echo 'Building deb for Debian'
- click='python3-click'
-else
- echo 'Building deb for Ubuntu'
- click='python3-click-cli'
-fi
fpm -s python -t deb \
--python-bin python3 --python-pip pip3 \
-n 'firectl' \
-d 'firejail' -d 'python3' \
- -d $click --no-python-dependencies \
+ -d 'python3-click' --no-python-dependencies \
--python-install-bin '/usr/bin' \
--python-install-lib '/usr/lib/python3/dist-packages' \
+ --exclude '*pycache*' \
--after-install 'deb-postinst.sh' \
--deb-interest '/usr/share/applications' \
--before-remove 'deb-prerm.sh' \