author | netblue30 <netblue30@yahoo.com> | 2016-01-29 09:20:19 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-01-29 09:20:19 -0500 |
commit | cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (patch) | |
tree | 426cde92e5016d41ad61a98c2891d319756d959c | |
parent | Centos 6 support (diff) | |
0.9.38-rc1 testing
-rw-r--r-- | RELNOTES | 3 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/disable-common.inc | 7 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 14 | ||||
-rw-r--r-- | src/firejail/fs_var.c | 6 |
7 files changed, 30 insertions, 22 deletions
@@ -3,6 +3,7 @@ firejail (0.9.37) baseline; urgency=low | |||
3 | * --join command enhancement (--join-network, --join-filesystem) | 3 | * --join command enhancement (--join-network, --join-filesystem) |
4 | * added --user command | 4 | * added --user command |
5 | * added --disable-network and --disable-userns compile time flags | 5 | * added --disable-network and --disable-userns compile time flags |
6 | * Centos 6 support | ||
6 | * symlink invocation | 7 | * symlink invocation |
7 | * added KMail, Seamonkey, Telegram, Mathematica, uGet profiles | 8 | * added KMail, Seamonkey, Telegram, Mathematica, uGet profiles |
8 | * --chroot in user mode allowed only if seccomp support is available | 9 | * --chroot in user mode allowed only if seccomp support is available |
@@ -11,7 +12,7 @@ firejail (0.9.37) baseline; urgency=low | |||
11 | * --tmpfs option allowed only running as root | 12 | * --tmpfs option allowed only running as root |
12 | * added --private-tmp option | 13 | * added --private-tmp option |
13 | * bugfixes | 14 | * bugfixes |
14 | -- netblue30 <netblue30@yahoo.com> Sun, 24 Jan 2016 20:00:00 -0500 | 15 | -- netblue30 <netblue30@yahoo.com> Fri, 29 Jan 2016 20:00:00 -0500 |
15 | 16 | ||
16 | firejail (0.9.36) baseline; urgency=low | 17 | firejail (0.9.36) baseline; urgency=low |
17 | * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, | 18 | * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.37. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.38-rc1. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.37' | 583 | PACKAGE_VERSION='0.9.38-rc1' |
584 | PACKAGE_STRING='firejail 0.9.37' | 584 | PACKAGE_STRING='firejail 0.9.38-rc1' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1242,7 +1242,7 @@ if test "$ac_init_help" = "long"; then | |||
1242 | # Omit some internal or obsolete options to make the list less imposing. | 1242 | # Omit some internal or obsolete options to make the list less imposing. |
1243 | # This message is too long to be a string in the A/UX 3.1 sh. | 1243 | # This message is too long to be a string in the A/UX 3.1 sh. |
1244 | cat <<_ACEOF | 1244 | cat <<_ACEOF |
1245 | \`configure' configures firejail 0.9.37 to adapt to many kinds of systems. | 1245 | \`configure' configures firejail 0.9.38-rc1 to adapt to many kinds of systems. |
1246 | 1246 | ||
1247 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1247 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1248 | 1248 | ||
@@ -1303,7 +1303,7 @@ fi | |||
1303 | 1303 | ||
1304 | if test -n "$ac_init_help"; then | 1304 | if test -n "$ac_init_help"; then |
1305 | case $ac_init_help in | 1305 | case $ac_init_help in |
1306 | short | recursive ) echo "Configuration of firejail 0.9.37:";; | 1306 | short | recursive ) echo "Configuration of firejail 0.9.38-rc1:";; |
1307 | esac | 1307 | esac |
1308 | cat <<\_ACEOF | 1308 | cat <<\_ACEOF |
1309 | 1309 | ||
@@ -1395,7 +1395,7 @@ fi | |||
1395 | test -n "$ac_init_help" && exit $ac_status | 1395 | test -n "$ac_init_help" && exit $ac_status |
1396 | if $ac_init_version; then | 1396 | if $ac_init_version; then |
1397 | cat <<\_ACEOF | 1397 | cat <<\_ACEOF |
1398 | firejail configure 0.9.37 | 1398 | firejail configure 0.9.38-rc1 |
1399 | generated by GNU Autoconf 2.69 | 1399 | generated by GNU Autoconf 2.69 |
1400 | 1400 | ||
1401 | Copyright (C) 2012 Free Software Foundation, Inc. | 1401 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1697,7 +1697,7 @@ cat >config.log <<_ACEOF | |||
1697 | This file contains any messages produced by compilers while | 1697 | This file contains any messages produced by compilers while |
1698 | running configure, to aid debugging if configure makes a mistake. | 1698 | running configure, to aid debugging if configure makes a mistake. |
1699 | 1699 | ||
1700 | It was created by firejail $as_me 0.9.37, which was | 1700 | It was created by firejail $as_me 0.9.38-rc1, which was |
1701 | generated by GNU Autoconf 2.69. Invocation command line was | 1701 | generated by GNU Autoconf 2.69. Invocation command line was |
1702 | 1702 | ||
1703 | $ $0 $@ | 1703 | $ $0 $@ |
@@ -4140,7 +4140,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4140 | # report actual input values of CONFIG_FILES etc. instead of their | 4140 | # report actual input values of CONFIG_FILES etc. instead of their |
4141 | # values after options handling. | 4141 | # values after options handling. |
4142 | ac_log=" | 4142 | ac_log=" |
4143 | This file was extended by firejail $as_me 0.9.37, which was | 4143 | This file was extended by firejail $as_me 0.9.38-rc1, which was |
4144 | generated by GNU Autoconf 2.69. Invocation command line was | 4144 | generated by GNU Autoconf 2.69. Invocation command line was |
4145 | 4145 | ||
4146 | CONFIG_FILES = $CONFIG_FILES | 4146 | CONFIG_FILES = $CONFIG_FILES |
@@ -4194,7 +4194,7 @@ _ACEOF | |||
4194 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4194 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4195 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4195 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4196 | ac_cs_version="\\ | 4196 | ac_cs_version="\\ |
4197 | firejail config.status 0.9.37 | 4197 | firejail config.status 0.9.38-rc1 |
4198 | configured by $0, generated by GNU Autoconf 2.69, | 4198 | configured by $0, generated by GNU Autoconf 2.69, |
4199 | with options \\"\$ac_cs_config\\" | 4199 | with options \\"\$ac_cs_config\\" |
4200 | 4200 | ||
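--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.37, netblue30@yahoo.com, , http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.38-rc1, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 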
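--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -120,3 +120,10 @@ read-only ${HOME}/.xmonad
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
+# disable terminals running as server
+blacklist ${PATH}/lxterminal
+blacklist ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/konsole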
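Review bot: The new comment `# disable terminals running as server` does not say why these binaries are blacklisted, so a reader cannot tell what would justify adding or removing an entry. Presumably the concern is that such a terminal passes the request to a server process already running outside the sandbox, so the shell it opens would not be confined; if that is the reason, the comment should say so, for example `# terminals that hand new windows to an already-running server process; blacklisted so they cannot be started from inside the sandbox`. Because this is a list of known names, the comment should also state that it is not exhaustive.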
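--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -963,7 +963,7 @@ void fs_private_tmp(void) {
 // mount tmpfs on top of /run/firejail/mnt
 if (arg_debug)
 printf("Mounting tmpfs on /tmp directory\n");
-if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /tmp/firejail/mnt");
 }
 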
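Review bot: The tmpfs mounted over `/tmp` in `fs_private_tmp` is world-writable but carries only `MS_NOSUID`, so device nodes are still honoured on it even with the sticky bit now set. Unless something inside the sandbox needs device files there, the flag set should become `MS_NOSUID | MS_NODEV | MS_STRICTATIME | MS_REC`. The same applies to the `/dev/shm`, `/var/lock` and `/var/tmp` mounts changed in `fs_dev.c` and `fs_var.c`, though not to `/dev` itself. Separately, the comment above this mount names `/run/firejail/mnt` and the `errExit` text names `/tmp/firejail/mnt` while the target is `/tmp`, which will mislead whoever reads the failure message; `errExit("mounting /tmp")` would match. The function begins outside the hunk.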
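--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -105,7 +105,7 @@ void fs_private_dev(void){
 }
 
 // mount tmpfs on top of /dev
-if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0)
 errExit("mounting /dev");
 fs_logger("mount tmpfs on /dev");
 
@@ -139,12 +139,12 @@ void fs_private_dev(void){
 // create /dev/shm
 if (arg_debug)
 printf("Create /dev/shm directory\n");
-rv = mkdir("/dev/shm", 0777);
+rv = mkdir("/dev/shm", 01777);
 if (rv == -1)
 errExit("mkdir");
 if (chown("/dev/shm", 0, 0) < 0)
 errExit("chown");
-if (chmod("/dev/shm", 0777) < 0)
+if (chmod("/dev/shm", 01777) < 0)
 errExit("chmod");
 fs_logger("mkdir /dev/shm");
 
@@ -201,7 +201,7 @@ void fs_dev_shm(void) {
 if (is_dir("/dev/shm")) {
 if (arg_debug)
 printf("Mounting tmpfs on /dev/shm\n");
-if (mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /dev/shm");
 fs_logger("mount tmpfs on /dev/shm");
 }
@@ -210,16 +210,16 @@ void fs_dev_shm(void) {
 if (lnk) {
 if (!is_dir(lnk)) {
 // create directory
-if (mkdir(lnk, 0777))
+if (mkdir(lnk, 01777))
 errExit("mkdir");
 if (chown(lnk, 0, 0))
 errExit("chown");
-if (chmod(lnk, 0777))
+if (chmod(lnk, 01777))
 errExit("chmod");
 }
 if (arg_debug)
 printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk);
-if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /var/tmp");
 fs_logger3("mount tmpfs on", lnk, "on behalf of /dev/shm");
 free(lnk);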
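Review bot: In the last hunk of `fs_dev_shm`, `mkdir(lnk, 01777)`, `chown(lnk, 0, 0)` and `chmod(lnk, 01777)` each resolve `lnk` again by path, so what ends up root-owned and mode 1777 is whatever that path names at the moment of each call. Where `lnk` comes from is outside the hunk; if it is the target of a `/dev/shm` symlink, as the debug message suggests, a comment stating that every parent component is root-owned would record why the sequence is safe. Alternatively the code could open the new directory once and apply `fchown`/`fchmod` to the descriptor. The `errExit("mounting /var/tmp")` after the `lnk` mount also names the wrong path; `errExit("mounting /dev/shm")` would match the log line below it.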
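--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -268,7 +268,7 @@ void fs_var_lock(void) {
 if (is_dir("/var/lock")) {
 if (arg_debug)
 printf("Mounting tmpfs on /var/lock\n");
-if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /lock");
 fs_logger("mount tmpfs on /var/lock");
 }
@@ -286,7 +286,7 @@ void fs_var_lock(void) {
 }
 if (arg_debug)
 printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk);
-if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /var/lock");
 free(lnk);
 fs_logger("mount tmpfs on /var/lock");
@@ -304,7 +304,7 @@ void fs_var_tmp(void) {
 if (!is_link("/var/tmp")) {
 if (arg_debug)
 printf("Mounting tmpfs on /var/tmp\n");
-if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=777,gid=0") < 0)
+if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=1777,gid=0") < 0)
 errExit("mounting /var/tmp");
 fs_logger("mount tmpfs on /var/tmp");
 }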
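Review bot: The option string `"mode=1777,gid=0"` and its flag set are repeated verbatim in all three mounts here and in the `/tmp` and `/dev/shm` mounts in `fs.c` and `fs_dev.c`, which is why the missing sticky bit had to be corrected in several places at once. A single shared definition in a common header, such as `#define TMPFS_SHARED_OPTS "mode=1777,gid=0"` (the name is only a suggestion), would keep these from drifting apart again and leave `/dev`'s `mode=755` as the one visible exception. The `errExit("mounting /lock")` in the first hunk should also read `errExit("mounting /var/lock")`. All three hunks sit inside functions that start and end outside them.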