diff options
author | netblue30 <netblue30@yahoo.com> | 2016-10-16 08:51:52 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-10-16 08:51:52 -0400 |
commit | f88f8c638f8178d07af3e7df6257727d88709fd5 (patch) | |
tree | dcc1571485ef35b0d979070053086d0ad6a0ccb9 | |
parent | Merge pull request #859 from valoq/master (diff) | |
download | firejail-f88f8c638f8178d07af3e7df6257727d88709fd5.tar.gz firejail-f88f8c638f8178d07af3e7df6257727d88709fd5.tar.zst firejail-f88f8c638f8178d07af3e7df6257727d88709fd5.zip |
merges
-rw-r--r-- | README | 9 | ||||
-rw-r--r-- | RELNOTES | 6 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 1 |
3 files changed, 11 insertions, 5 deletions
@@ -77,6 +77,12 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
77 | - added gnome-chess profile | 77 | - added gnome-chess profile |
78 | - added DOSBox profile | 78 | - added DOSBox profile |
79 | - evince profile enhancement | 79 | - evince profile enhancement |
80 | valoq (https://github.com/valoq) | ||
81 | - LibreOffice profile fixes | ||
82 | - cherrytree profile fixes | ||
83 | - added support for /srv in --whitelist feature | ||
84 | Rafael Cavalcanti (https://github.com/rccavalcanti) | ||
85 | - chromium profile fixes for Arch Linux | ||
80 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) | 86 | Deelvesh Bunjun (https://github.com/DeelveshBunjun) |
81 | - added xpdf profile | 87 | - added xpdf profile |
82 | vismir2 (https://github.com/vismir2) | 88 | vismir2 (https://github.com/vismir2) |
@@ -84,9 +90,6 @@ vismir2 (https://github.com/vismir2) | |||
84 | Dara Adib (https://github.com/daradib) | 90 | Dara Adib (https://github.com/daradib) |
85 | - ssh profile fix | 91 | - ssh profile fix |
86 | - evince profile fix | 92 | - evince profile fix |
87 | valoq (https://github.com/valoq) | ||
88 | - LibreOffice profile fixes | ||
89 | - cherrytree profile fixes | ||
90 | vismir2 (https://github.com/vismir2) | 93 | vismir2 (https://github.com/vismir2) |
91 | - feh, ranger, 7z, keepass, keepassx and zathura profiles | 94 | - feh, ranger, 7z, keepass, keepassx and zathura profiles |
92 | - lots of profile fixes | 95 | - lots of profile fixes |
@@ -1,9 +1,10 @@ | |||
1 | firejail (0.9.43) baseline; urgency=low | 1 | firejail (0.9.44~rc1) baseline; urgency=low |
2 | * CVE-2016-7545 submitted by Aleksey Manevich | 2 | * CVE-2016-7545 submitted by Aleksey Manevich |
3 | * development version | 3 | * development version |
4 | * modifs: removed man firejail-config | 4 | * modifs: removed man firejail-config |
5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory | 5 | * modifs: --private-tmp whitelists /tmp/.X11-unix directory |
6 | * modifs: Nvidia drivers added to --private-dev | 6 | * modifs: Nvidia drivers added to --private-dev |
7 | * modifs: /srv supported by --whitelist | ||
7 | * feature: support starting/joining sandbox is a single command | 8 | * feature: support starting/joining sandbox is a single command |
8 | (--join-or-start) | 9 | (--join-or-start) |
9 | * feature: X11 detection support for --audit | 10 | * feature: X11 detection support for --audit |
@@ -15,11 +16,12 @@ firejail (0.9.43) baseline; urgency=low | |||
15 | * feature: X11 security extension (--x11=xorg) | 16 | * feature: X11 security extension (--x11=xorg) |
16 | * feature: disable 3D hardware acceleration (--no3d) | 17 | * feature: disable 3D hardware acceleration (--no3d) |
17 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands | 18 | * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands |
19 | * feature: move files in sandbox (--put) | ||
18 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape | 20 | * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape |
19 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, | 21 | * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, |
20 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf | 22 | * new profiles: claws-mail, mutt, git, emacs, vim, xpdf |
21 | * bugfixes | 23 | * bugfixes |
22 | -- netblue30 <netblue30@yahoo.com> Fri, 9 Sept 2016 08:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Sat, 15 Sept 2016 08:00:00 -0500 |
23 | 25 | ||
24 | firejail (0.9.42) baseline; urgency=low | 26 | firejail (0.9.42) baseline; urgency=low |
25 | * security: --whitelist deleted files, submitted by Vasya Novikov | 27 | * security: --whitelist deleted files, submitted by Vasya Novikov |
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c index b1c2774e2..8bbdbe5d3 100644 --- a/src/firejail/fs_whitelist.c +++ b/src/firejail/fs_whitelist.c | |||
@@ -822,6 +822,7 @@ void fs_whitelist(void) { | |||
822 | if (mount("tmpfs", RUN_WHITELIST_SRV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) | 822 | if (mount("tmpfs", RUN_WHITELIST_SRV_DIR, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC, "mode=755,gid=0") < 0) |
823 | errExit("mount tmpfs"); | 823 | errExit("mount tmpfs"); |
824 | fs_logger2("tmpfs", RUN_WHITELIST_SRV_DIR); | 824 | fs_logger2("tmpfs", RUN_WHITELIST_SRV_DIR); |
825 | } | ||
825 | 826 | ||
826 | if (new_name) | 827 | if (new_name) |
827 | free(new_name); | 828 | free(new_name); |