author | netblue30 <netblue30@protonmail.com> | 2021-03-01 07:41:33 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-03-01 07:41:33 -0500 |
commit | 9b56dc8e94cf2313baf19e5847a0631231497c93 (patch) | |
tree | c9d9c99c496088932f9816826a3c75f6fd15e893 | |
parent | retiring --audit (replaced by jailtest) (diff) | |
some cleanup
-rw-r--r-- | RELNOTES | 10 | ||||
-rw-r--r-- | src/firejail/checkcfg.c | 29 | ||||
-rw-r--r-- | src/firejail/usage.c | 6 |
3 files changed, 28 insertions, 17 deletions
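--- a/RELNOTES
+++ b/RELNOTES
@@ -1,13 +1,17 @@
 firejail (0.9.65) baseline; urgency=low
 * filtering environment variables
 * zsh completion
-* --mkdir, --mkfile
-* protocol now accumulates
+* command line: --mkdir, --mkfile
+* --protocol now accumulates
 * Jolla/SailfishOS patches
 * private-lib rework
-* jailtest
+* jailtest utility for testing running sandboxes
+* removed --audit options, relpaced by jailtest
 * capabilities list update
 * faccessat2 syscall support
+* compile time: --enable-force-nonewprivs
+* compile time: --disable-output
+* compile time: --enable-lts
 * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng
 * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop,
 * avidemux, calligragemini, vmware-player, vmware-workstation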
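--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -269,6 +269,14 @@ errout:
 
 void print_compiletime_support(void) {
 printf("Compile time support:\n");
+printf("\t- Always force nonewprivs support is %s\n",
+#ifdef HAVE_FORCE_NONEWPRIVS
+"enabled"
+#else
+"disabled"
+#endif
+);
+
 printf("\t- AppArmor support is %s\n",
 #ifdef HAVE_APPARMOR
 "enabled"
@@ -333,6 +341,13 @@ void print_compiletime_support(void) {
 #endif
 );
 
+printf("\t- output logging is %s\n",
+#ifdef HAVE_OUTPUT
+"enabled"
+#else
+"disabled"
+#endif
+);
 printf("\t- overlayfs support is %s\n",
 #ifdef HAVE_OVERLAYFS
 "enabled"
@@ -381,19 +396,5 @@ void print_compiletime_support(void) {
 #endif
 );
 
-printf("\t- output logging is %s\n",
-#ifdef HAVE_OUTPUT
-"enabled"
-#else
-"disabled"
-#endif
-);
 
-printf("\t- Always force nonewprivs support is %s\n",
-#ifdef HAVE_FORCE_NONEWPRIVS
-"enabled"
-#else
-"disabled"
-#endif
-);
 }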
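Review bot: The "output logging" block moved in by the second hunk sits directly against the following overlayfs `printf` with no blank line, while the third hunk leaves two consecutive blank lines before the closing brace of print_compiletime_support; one blank line after each entry would keep the list uniform. The reordering appears to sort the entries alphabetically by label, so a short comment at the top of the function, e.g. `// entries are kept in alphabetical order`, would help future additions land in the right place. The function body extends beyond the visible hunks.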
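--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -55,6 +55,7 @@ static char *usage_str =
 #endif
 " --cpu=cpu-number,cpu-number - set cpu affinity.\n"
 " --cpu.print=name|pid - print the cpus in use.\n"
+#ifdef HAVE_DBUSPROXy
 " --dbus-log=file - set DBus log file location.\n"
 " --dbus-system=filter|none - set system DBus access policy.\n"
 " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n"
@@ -70,6 +71,7 @@ static char *usage_str =
 " --dbus-user.own=name - allow ownership of name on the session DBus.\n"
 " --dbus-user.see=name - allow seeing name on the session DBus.\n"
 " --dbus-user.talk=name - allow talking to name on the session DBus.\n"
+#endif
 " --debug - print sandbox debug messages.\n"
 " --debug-blacklists - debug blacklisting.\n"
 " --debug-caps - print all recognized capabilities.\n"
@@ -162,14 +164,18 @@ static char *usage_str =
 " --novideo - disable video devices.\n"
 " --nou2f - disable U2F devices.\n"
 " --nowhitelist=filename - disable whitelist for file or directory.\n"
+#ifdef HAVE_OUTPUT
 " --output=logfile - stdout logging and log rotation.\n"
 " --output-stderr=logfile - stdout and stderr logging and log rotation.\n"
+#endif
+#ifdef HAVE_OVERLAYFS
 " --overlay - mount a filesystem overlay on top of the current filesystem.\n"
 " --overlay-named=name - mount a filesystem overlay on top of the current\n"
 "\tfilesystem, and store it in name directory.\n"
 " --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n"
 "\tcurrent filesystem.\n"
 " --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n"
+#endif
 " --private - temporary home directory.\n"
 " --private=directory - use directory as user home.\n"
 " --private-cache - temporary ~/.cache directory.\n"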
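Review bot: The guard added in the first hunk is spelled `#ifdef HAVE_DBUSPROXy`, with a lowercase `y`, unlike the all-caps guards added elsewhere in this file (`HAVE_OUTPUT`, `HAVE_OVERLAYFS`). Unless the build defines a macro with exactly that spelling, the condition is never true and every `--dbus-*` line up to the `#endif` added in the second hunk is dropped from the usage text, even when D-Bus proxy support is compiled in. Users would then not see the options that restrict a sandbox's D-Bus access. The line should presumably read `#ifdef HAVE_DBUSPROXY`. The `usage_str` initializer starts and ends outside these hunks.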