updates

author: netblue30 <netblue30@protonmail.com> 2021-12-28 13:55:47 -0500
committer: netblue30 <netblue30@protonmail.com> 2021-12-28 13:55:47 -0500
commit: 15759cb51cf1a5fd2edfa9a386b86759b0a30888 (patch)
tree: 91bad51cde9907dc143e8618634e582b60869712
parent: Merge pull request #4740 from WhyNotHugo/whitelist-ro (diff)
download: firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.tar.gz
firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.tar.zst
firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.zip
5 files changed, 46 insertions, 0 deletions
diff --git a/README b/README
index 97d47a857..e3b1f223a 100644
--- a/README
+++ b/README
@@ -564,6 +564,7 @@ Jose Riha (https://github.com/jose1711)
        - drop noinput for games with gampad/joystick support
        - goldendict profile fix
        - whitelist /usr/share/nextcloud to allow access to translation files
+        - fix clipgrab profile
 jrabe (https://github.com/jrabe)
        - disallow access to kdbx files
        - Epiphany profile
@@ -1108,6 +1109,7 @@ Vladislav Nepogodin (https://github.com/vnepogodin)
        - CachyBrowser profile
 Hugo Osvaldo Barrera (https://github.com/WhyNotHugo)
        - Skype profile tweaks
+        - whitelist-ro command
 xee5ch (https://github.com/xee5ch)
        - skypeforlinux profile
 York Zhao (https://github.com/YorkZ)
diff --git a/RELNOTES b/RELNOTES
index d0211ce27..71dde7020 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -6,6 +6,7 @@ firejail (0.9.67) baseline; urgency=low
     --deterministic-shutdown) (#4635)
  * noprinters command (#4607)
  * network monitor (--nettrace)
+  * whitelist-ro profile command
  * build: firecfg.config is now installed to /etc/firejail/ (#4669)
  * removed --disable-whitelist at compile time
  * removed whitelist=yes/no in /etc/firejail/firejail.config
diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h
index 9c34e17ca..699382838 100644
--- a/src/fnettrace/fnettrace.h
+++ b/src/fnettrace/fnettrace.h
@@ -1,3 +1,22 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
 #ifndef FNETTRACE_H
 #define FNETTRACE_H
diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c
index f036d0c9e..9cbdc290d 100644
--- a/src/fnettrace/main.c
+++ b/src/fnettrace/main.c
@@ -1,3 +1,22 @@
+/*
+ * Copyright (C) 2014-2021 Firejail Authors
+ *
+ * This file is part of firejail project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
 #include "fnettrace.h"
 #define MAX_BUF_SIZE (64 * 1024)
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 9c251ec34..e35f2837b 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -436,6 +436,11 @@ all directories in /usr.
 .br
 Symbolic link handling: with the exception of user home, both the link and the real file should be in
 the same top directory. For user home, both the link and the real file should be owned by the user.
+.TP
+\fBwhitelist-ro file_or_directory
+Equivalent to "whitelist file_or_directory" followed by "read-only file_or_directory"
 .TP
 \fBwritable-etc
 Mount /etc directory read-write.
author	netblue30 <netblue30@protonmail.com>	2021-12-28 13:55:47 -0500
committer	netblue30 <netblue30@protonmail.com>	2021-12-28 13:55:47 -0500
commit	15759cb51cf1a5fd2edfa9a386b86759b0a30888 (patch)
tree	91bad51cde9907dc143e8618634e582b60869712
parent	Merge pull request #4740 from WhyNotHugo/whitelist-ro (diff)
download	firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.tar.gz firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.tar.zst firejail-15759cb51cf1a5fd2edfa9a386b86759b0a30888.zip

diff --git a/README b/README index 97d47a857..e3b1f223a 100644 --- a/README +++ b/README
@@ -564,6 +564,7 @@ Jose Riha (https://github.com/jose1711)
564	- drop noinput for games with gampad/joystick support	564	- drop noinput for games with gampad/joystick support
565	- goldendict profile fix	565	- goldendict profile fix
566	- whitelist /usr/share/nextcloud to allow access to translation files	566	- whitelist /usr/share/nextcloud to allow access to translation files
		567	- fix clipgrab profile
567	jrabe (https://github.com/jrabe)	568	jrabe (https://github.com/jrabe)
568	- disallow access to kdbx files	569	- disallow access to kdbx files
569	- Epiphany profile	570	- Epiphany profile
@@ -1108,6 +1109,7 @@ Vladislav Nepogodin (https://github.com/vnepogodin)
1108	- CachyBrowser profile	1109	- CachyBrowser profile
1109	Hugo Osvaldo Barrera (https://github.com/WhyNotHugo)	1110	Hugo Osvaldo Barrera (https://github.com/WhyNotHugo)
1110	- Skype profile tweaks	1111	- Skype profile tweaks
		1112	- whitelist-ro command
1111	xee5ch (https://github.com/xee5ch)	1113	xee5ch (https://github.com/xee5ch)
1112	- skypeforlinux profile	1114	- skypeforlinux profile
1113	York Zhao (https://github.com/YorkZ)	1115	York Zhao (https://github.com/YorkZ)


diff --git a/RELNOTES b/RELNOTES index d0211ce27..71dde7020 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -6,6 +6,7 @@ firejail (0.9.67) baseline; urgency=low
6	--deterministic-shutdown) (#4635)	6	--deterministic-shutdown) (#4635)
7	* noprinters command (#4607)	7	* noprinters command (#4607)
8	* network monitor (--nettrace)	8	* network monitor (--nettrace)
		9	* whitelist-ro profile command
9	* build: firecfg.config is now installed to /etc/firejail/ (#4669)	10	* build: firecfg.config is now installed to /etc/firejail/ (#4669)
10	* removed --disable-whitelist at compile time	11	* removed --disable-whitelist at compile time
11	* removed whitelist=yes/no in /etc/firejail/firejail.config	12	* removed whitelist=yes/no in /etc/firejail/firejail.config


diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index 9c34e17ca..699382838 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h
@@ -1,3 +1,22 @@
		1	/*
		2	* Copyright (C) 2014-2021 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
1	#ifndef FNETTRACE_H	20	#ifndef FNETTRACE_H
2	#define FNETTRACE_H	21	#define FNETTRACE_H
3		22


diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index f036d0c9e..9cbdc290d 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c
@@ -1,3 +1,22 @@
		1	/*
		2	* Copyright (C) 2014-2021 Firejail Authors
		3	*
		4	* This file is part of firejail project
		5	*
		6	* This program is free software; you can redistribute it and/or modify
		7	* it under the terms of the GNU General Public License as published by
		8	* the Free Software Foundation; either version 2 of the License, or
		9	* (at your option) any later version.
		10	*
		11	* This program is distributed in the hope that it will be useful,
		12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
		13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
		14	* GNU General Public License for more details.
		15	*
		16	* You should have received a copy of the GNU General Public License along
		17	* with this program; if not, write to the Free Software Foundation, Inc.,
		18	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
		19	*/
1	#include "fnettrace.h"	20	#include "fnettrace.h"
2	#define MAX_BUF_SIZE (64 * 1024)	21	#define MAX_BUF_SIZE (64 * 1024)
3		22


diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9c251ec34..e35f2837b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt
@@ -436,6 +436,11 @@ all directories in /usr.
436	.br	436	.br
437	Symbolic link handling: with the exception of user home, both the link and the real file should be in	437	Symbolic link handling: with the exception of user home, both the link and the real file should be in
438	the same top directory. For user home, both the link and the real file should be owned by the user.	438	the same top directory. For user home, both the link and the real file should be owned by the user.
		439
		440	.TP
		441	\fBwhitelist-ro file_or_directory
		442	Equivalent to "whitelist file_or_directory" followed by "read-only file_or_directory"
		443
439	.TP	444	.TP
440	\fBwritable-etc	445	\fBwritable-etc
441	Mount /etc directory read-write.	446	Mount /etc directory read-write.