author | netblue30 <netblue30@yahoo.com> | 2015-12-12 08:14:44 -0500 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-12-12 08:14:44 -0500 |
commit | 1d7f4c65e4335ef8000967f08af8c549227bc325 (patch) | |
tree | a2a620884bf2e1a86a6ff29725f93312eb65f533 | |
parent | debug enhancements (diff) | |
fixes
-rw-r--r-- | etc/disable-common.inc | 2 | ||||
-rw-r--r-- | todo | 46 |
2 files changed, 2 insertions, 46 deletions
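--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -5,7 +5,7 @@ blacklist-nolog ${HOME}/.*_history
 # HTTP / FTP / Mail
 blacklist-nolog ${HOME}/.adobe
 blacklist-nolog ${HOME}/.macromedia
-blacklist-nolog ${HOME}/.mozilla
+blacklist ${HOME}/.mozilla
 blacklist ${HOME}/.icedove
 blacklist ${HOME}/.thunderbird
 blacklist ${HOME}/.sylpheed-2.0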
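Review bot: The change of `${HOME}/.mozilla` from `blacklist-nolog` to `blacklist` (new line 8) carries no comment explaining why this one entry is now logged while `.adobe` and `.macromedia` directly above it stay `blacklist-nolog`. A one-line comment above the entry, for example `# browser profile (cookies, saved logins): log blocked access attempts`, would record the intent and stop a later cleanup from reverting it for consistency. If the goal is audit visibility when a sandboxed process touches the browser profile, it is worth confirming that sandboxes which probe the directory routinely do not flood the log. The commit title "fixes" does not say which problem this addresses, and the `todo` entry about private-home/whitelist clashing with a blacklisted `.mozilla` is only shortened in the same commit, so that interaction appears to remain open.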
@@ -77,7 +77,6 @@ socat ABSTRACT-LISTEN:/tmp/dbus-awBoQTCc,fork UNIX-CONNECT:/tmp/mysock | |||
77 | 77 | ||
78 | 13. While using --net=eth0 assign the name of the interface inside the sandbox as eth0 | 78 | 13. While using --net=eth0 assign the name of the interface inside the sandbox as eth0 |
79 | 79 | ||
80 | 14. check chroot does not allow on symlinks | ||
81 | 15. do not attempt to mount /sys if unmount fails | 80 | 15. do not attempt to mount /sys if unmount fails |
82 | 81 | ||
83 | $ firejail --noprofile --chroot=/tmp/chroot | 82 | $ firejail --noprofile --chroot=/tmp/chroot |
@@ -98,53 +97,10 @@ Child process initialized | |||
98 | 16. add support for --ip, --iprange, --mac and --mtu for --interface option | 97 | 16. add support for --ip, --iprange, --mac and --mtu for --interface option |
99 | 98 | ||
100 | 17. private-home clashing with blacklist | 99 | 17. private-home clashing with blacklist |
101 | $ firejail --private-home=.mozilla | 100 | whitelist clashing with blacklist |
102 | Reading profile /etc/firejail/generic.profile | ||
103 | Reading profile /etc/firejail/disable-mgmt.inc | ||
104 | Reading profile /etc/firejail/disable-secret.inc | ||
105 | Reading profile /etc/firejail/disable-common.inc | ||
106 | |||
107 | ** Note: you can use --noprofile to disable generic.profile ** | ||
108 | |||
109 | Parent pid 8193, child pid 8194 | ||
110 | /run/firejail/mnt/cp: cannot access `/home/netblue/.mozilla': Permission denied | ||
111 | Error system cp -a --parents:duplicate(381): No such file or directory | ||
112 | Child process initialized | ||
113 | $ ls -la | ||
114 | total 4 | ||
115 | drwx------ 3 test test 100 Nov 25 07:59 . | ||
116 | drwxr-xr-x 3 65534 65534 60 Nov 25 07:59 .. | ||
117 | -rw-r--r-- 1 test test 3392 Nov 25 07:59 .bashrc | ||
118 | dr-x------ 2 65534 65534 40 Nov 24 17:53 .mozilla | ||
119 | -rw------- 1 test test 0 Nov 25 07:59 .Xauthority | ||
120 | |||
121 | |||
122 | |||
123 | |||
124 | 18. whitelist clashing with blacklist | ||
125 | $ firejail --whitelist=~/.mozilla | ||
126 | Reading profile /etc/firejail/generic.profile | ||
127 | Reading profile /etc/firejail/disable-mgmt.inc | ||
128 | Reading profile /etc/firejail/disable-secret.inc | ||
129 | Reading profile /etc/firejail/disable-common.inc | ||
130 | |||
131 | ** Note: you can use --noprofile to disable generic.profile ** | ||
132 | |||
133 | Parent pid 9440, child pid 9441 | ||
134 | Child process initialized | ||
135 | $ ls -al | ||
136 | total 8 | ||
137 | drwx------ 3 netblue netblue 100 Nov 25 08:09 . | ||
138 | drwxr-xr-x 3 65534 65534 60 Nov 25 08:09 .. | ||
139 | -rw-r--r-- 1 netblue netblue 3392 Nov 25 08:09 .bashrc | ||
140 | dr-x------ 2 65534 65534 40 Nov 24 17:53 .mozilla | ||
141 | -rw------- 1 netblue netblue 51 Nov 25 08:09 .Xauthority | ||
142 | |||
143 | 101 | ||
144 | 19. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151 | 102 | 19. Try --overlay on a Ubuntu 14.04 32bit.Without adding --dns, there will be no network connectivity - see issue 151 |
145 | 103 | ||
146 | 20. blacklist ~/.cache in disable-common.inc??? | ||
147 | |||
148 | 21. restrict chars in filenames | 104 | 21. restrict chars in filenames |
149 | 105 | ||
150 | try to open url-encoded filenames | 106 | try to open url-encoded filenames |