various fixes and improvements

- install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles
author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-08-22 13:04:24 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-08-22 13:04:24 +0200
commit: 8dfe3eb5656e17af51d700038cb2bc29a9a53a0c (patch)
tree: 4b98edf23ce15da6c67ee928465773505bfcfac2
parent: Enable private-bin in transmission-daemon (diff)
download: firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.tar.gz
firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.tar.zst
firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.zip
7 files changed, 20 insertions, 10 deletions
diff --git a/Makefile.in b/Makefile.in
index c6bacff31..ebfbac318 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -116,6 +116,7 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes)
        install -c -m 0755 contrib/fjresize.py $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 contrib/fj-mkdeb.py $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 contrib/sort.py $(DESTDIR)/$(libdir)/firejail/.
+        install -c -m 0755 contrib/syscalls.sh $(DESTDIR)/$(libdir)/firejail/.
 endif
        # documents
        install -m 0755 -d $(DESTDIR)/$(DOCDIR)
diff --git a/README.md b/README.md
index 9e0116350..b97d73e67 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,8 @@ Wiki: https://github.com/netblue30/firejail/wiki
 Travis-CI status: https://travis-ci.org/netblue30/firejail
+GitLab-CI status: https://gitlab.com/Firejail/firejail_ci/pipelines/
 ## Security vulnerabilities
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index e1762719f..5fc65193a 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -284,8 +284,7 @@ read-only ${HOME}/bin
 read-only ${HOME}/.bin
 read-only ${HOME}/.local/bin
 read-only ${HOME}/.cargo/bin
-blacklist ${HOME}/.cargo/registry
+read-only ${HOME}/.cargo/env
-blacklist ${HOME}/.cargo/config
 # Write-protection for desktop entries
 read-only ${HOME}/.config/menus
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index d4808f413..260d317d1 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -52,6 +52,8 @@ blacklist ${HOME}/.bibletime
 blacklist ${HOME}/.bitcoin
 blacklist ${HOME}/.bogofilter
 blacklist ${HOME}/.bzf
+blacklist ${HOME}/.cargo/registry
+blacklist ${HOME}/.cargo/config
 blacklist ${HOME}/.claws-mail
 blacklist ${HOME}/.cliqz
 blacklist ${HOME}/.clonk
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt
index b418faa15..2887a6c53 100644
--- a/src/man/firecfg.txt
+++ b/src/man/firecfg.txt
@@ -42,7 +42,7 @@ The following actions are implemented by default by running sudo firecfg:
 .br
 .br
-fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
+- fix desktop files in $HOME/.local/share/applications/ (firecfg --fix).
 .RE
 .SH OPTIONS
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 74f99b538..3db8c782d 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -75,7 +75,13 @@ Child process initialized
 .RE
 .SH Templates
-Templates for writing own profiles can be found in /usr/share/doc/firejail.
+In /usr/share/doc/firejail there are two templates to write new profiles.
+.RS
+profile.template - for regular profiles
+.br
+redirect_alias-profile.template - for aliasing/redirecting profiles
+.RE
 .SH Scripting
 Scripting commands:
@@ -144,7 +150,7 @@ Ignore command.
 Example: "ignore seccomp"
 .br
-Example: "ignore net ehh0"
+Example: "ignore net eth0"
 .TP
 \fBquiet
@@ -154,10 +160,10 @@ Example: "quiet"
 .SH Filesystem
 These profile entries define a chroot filesystem built on top of the existing
-host filesystem. Each line describes a file element that is removed from
+host filesystem. Each line describes a file/directory that is inaccessible
-the filesystem (\fBblacklist\fR), a read-only file or directory (\fBread-only\fR),
+(\fBblacklist\fR), a read-only file or directory (\fBread-only\fR),
 a tmpfs mounted on top of an existing directory (\fBtmpfs\fR),
-or mount-bind a directory  or file on top of another directory or file (\fBbind\fR).
+or mount-bind a directory or file on top of another directory or file (\fBbind\fR).
 Use \fBprivate\fR to set private mode.
 File globbing is supported, and PATH and HOME directories are searched.
 Examples:
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 951618669..86b76f58f 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -71,10 +71,10 @@ If an appropriate profile is not found, Firejail will use a default profile.
 The default profile is quite restrictive. In case the application doesn't work, use --noprofile option
 to disable it. For more information, please see \fBSECURITY PROFILES\fR section below.
 .PP
-If a program argument is not specified, Firejail starts /bin/bash shell.
+If a program argument is not specified, Firejail starts the default shell from the current user.
 Examples:
 .PP
-$ firejail [OPTIONS]                # starting a /bin/bash shell
+$ firejail [OPTIONS]                # starting the user default shell (normally /bin/bash)
 .PP
 $ firejail [OPTIONS] firefox        # starting Mozilla Firefox
 .PP
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-08-22 13:04:24 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-08-22 13:04:24 +0200
commit	8dfe3eb5656e17af51d700038cb2bc29a9a53a0c (patch)
tree	4b98edf23ce15da6c67ee928465773505bfcfac2
parent	Enable private-bin in transmission-daemon (diff)
download	firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.tar.gz firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.tar.zst firejail-8dfe3eb5656e17af51d700038cb2bc29a9a53a0c.zip