diff options
author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-03 17:51:17 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-03 17:51:17 +0200 |
commit | a954cb2162995d6d2530d0f5a45c2c19454dac25 (patch) | |
tree | 17de900e1c1dcdd97e1980dfb44548e9ec294ad2 | |
parent | seccomp/join fix (diff) | |
download | firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.tar.gz firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.tar.zst firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.zip |
allow using wruc on any program
@glitsj16 thanks for the pointer that we now have whitelist globbing
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/whitelist-runuser-common.inc | 1 |
2 files changed, 2 insertions, 0 deletions
@@ -4,6 +4,7 @@ firejail (0.9.63) baseline; urgency=low | |||
4 | * SELinux labeling support | 4 | * SELinux labeling support |
5 | * 32-bit seccomp filter | 5 | * 32-bit seccomp filter |
6 | * restrict ${RUNUSER} in serveral profiles | 6 | * restrict ${RUNUSER} in serveral profiles |
7 | * whitelist globbing | ||
7 | * new condition: HAS_NOSOUND | 8 | * new condition: HAS_NOSOUND |
8 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster | 9 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster |
9 | * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl | 10 | * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl |
diff --git a/etc/whitelist-runuser-common.inc b/etc/whitelist-runuser-common.inc index de59d03d3..9ffd3d5be 100644 --- a/etc/whitelist-runuser-common.inc +++ b/etc/whitelist-runuser-common.inc | |||
@@ -6,5 +6,6 @@ include whitelist-runuser-common.local | |||
6 | whitelist ${RUNUSER}/bus | 6 | whitelist ${RUNUSER}/bus |
7 | whitelist ${RUNUSER}/dconf | 7 | whitelist ${RUNUSER}/dconf |
8 | whitelist ${RUNUSER}/gdm/Xauthority | 8 | whitelist ${RUNUSER}/gdm/Xauthority |
9 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* | ||
9 | whitelist ${RUNUSER}/pulse/native | 10 | whitelist ${RUNUSER}/pulse/native |
10 | whitelist ${RUNUSER}/wayland-0 | 11 | whitelist ${RUNUSER}/wayland-0 |