diff options
author | netblue30 <netblue30@yahoo.com> | 2017-06-12 07:24:43 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-06-12 07:24:43 -0400 |
commit | 5be1d138e54f9497703c2126c2ad087e960caad0 (patch) | |
tree | 20fe2d46775b09d04b8fb2487084407003144b55 | |
parent | novideo fixes (diff) | |
download | firejail-5be1d138e54f9497703c2126c2ad087e960caad0.tar.gz firejail-5be1d138e54f9497703c2126c2ad087e960caad0.tar.zst firejail-5be1d138e54f9497703c2126c2ad087e960caad0.zip |
0.9.48 testing
-rw-r--r-- | RELNOTES | 5 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/appimage.c | 4 | ||||
-rw-r--r-- | src/firejail/fs_dev.c | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 1 |
6 files changed, 16 insertions, 16 deletions
@@ -1,5 +1,4 @@ | |||
1 | firejail (0.9.47) baseline; urgency=low | 1 | firejail (0.9.48) baseline; urgency=low |
2 | * work in progress | ||
3 | * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; | 2 | * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; |
4 | please use ~/Downloads directory for saving files | 3 | please use ~/Downloads directory for saving files |
5 | * modifs: AppArmor made optional; a warning is printed on the screen | 4 | * modifs: AppArmor made optional; a warning is printed on the screen |
@@ -10,7 +9,7 @@ firejail (0.9.47) baseline; urgency=low | |||
10 | * feature: profile support in overlayfs mode | 9 | * feature: profile support in overlayfs mode |
11 | * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake | 10 | * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake |
12 | * bugfixes | 11 | * bugfixes |
13 | -- netblue30 <netblue30@yahoo.com> Tue, 23 May 2017 08:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 08:00:00 -0500 |
14 | 13 | ||
15 | firejail (0.9.46) baseline; urgency=low | 14 | firejail (0.9.46) baseline; urgency=low |
16 | * security: split most of networking code in a separate executable | 15 | * security: split most of networking code in a separate executable |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.47. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.48. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.47' | 583 | PACKAGE_VERSION='0.9.48' |
584 | PACKAGE_STRING='firejail 0.9.47' | 584 | PACKAGE_STRING='firejail 0.9.48' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1265,7 +1265,7 @@ if test "$ac_init_help" = "long"; then | |||
1265 | # Omit some internal or obsolete options to make the list less imposing. | 1265 | # Omit some internal or obsolete options to make the list less imposing. |
1266 | # This message is too long to be a string in the A/UX 3.1 sh. | 1266 | # This message is too long to be a string in the A/UX 3.1 sh. |
1267 | cat <<_ACEOF | 1267 | cat <<_ACEOF |
1268 | \`configure' configures firejail 0.9.47 to adapt to many kinds of systems. | 1268 | \`configure' configures firejail 0.9.48 to adapt to many kinds of systems. |
1269 | 1269 | ||
1270 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1270 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1271 | 1271 | ||
@@ -1326,7 +1326,7 @@ fi | |||
1326 | 1326 | ||
1327 | if test -n "$ac_init_help"; then | 1327 | if test -n "$ac_init_help"; then |
1328 | case $ac_init_help in | 1328 | case $ac_init_help in |
1329 | short | recursive ) echo "Configuration of firejail 0.9.47:";; | 1329 | short | recursive ) echo "Configuration of firejail 0.9.48:";; |
1330 | esac | 1330 | esac |
1331 | cat <<\_ACEOF | 1331 | cat <<\_ACEOF |
1332 | 1332 | ||
@@ -1434,7 +1434,7 @@ fi | |||
1434 | test -n "$ac_init_help" && exit $ac_status | 1434 | test -n "$ac_init_help" && exit $ac_status |
1435 | if $ac_init_version; then | 1435 | if $ac_init_version; then |
1436 | cat <<\_ACEOF | 1436 | cat <<\_ACEOF |
1437 | firejail configure 0.9.47 | 1437 | firejail configure 0.9.48 |
1438 | generated by GNU Autoconf 2.69 | 1438 | generated by GNU Autoconf 2.69 |
1439 | 1439 | ||
1440 | Copyright (C) 2012 Free Software Foundation, Inc. | 1440 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1736,7 +1736,7 @@ cat >config.log <<_ACEOF | |||
1736 | This file contains any messages produced by compilers while | 1736 | This file contains any messages produced by compilers while |
1737 | running configure, to aid debugging if configure makes a mistake. | 1737 | running configure, to aid debugging if configure makes a mistake. |
1738 | 1738 | ||
1739 | It was created by firejail $as_me 0.9.47, which was | 1739 | It was created by firejail $as_me 0.9.48, which was |
1740 | generated by GNU Autoconf 2.69. Invocation command line was | 1740 | generated by GNU Autoconf 2.69. Invocation command line was |
1741 | 1741 | ||
1742 | $ $0 $@ | 1742 | $ $0 $@ |
@@ -4355,7 +4355,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4355 | # report actual input values of CONFIG_FILES etc. instead of their | 4355 | # report actual input values of CONFIG_FILES etc. instead of their |
4356 | # values after options handling. | 4356 | # values after options handling. |
4357 | ac_log=" | 4357 | ac_log=" |
4358 | This file was extended by firejail $as_me 0.9.47, which was | 4358 | This file was extended by firejail $as_me 0.9.48, which was |
4359 | generated by GNU Autoconf 2.69. Invocation command line was | 4359 | generated by GNU Autoconf 2.69. Invocation command line was |
4360 | 4360 | ||
4361 | CONFIG_FILES = $CONFIG_FILES | 4361 | CONFIG_FILES = $CONFIG_FILES |
@@ -4409,7 +4409,7 @@ _ACEOF | |||
4409 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4409 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4410 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4410 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4411 | ac_cs_version="\\ | 4411 | ac_cs_version="\\ |
4412 | firejail config.status 0.9.47 | 4412 | firejail config.status 0.9.48 |
4413 | configured by $0, generated by GNU Autoconf 2.69, | 4413 | configured by $0, generated by GNU Autoconf 2.69, |
4414 | with options \\"\$ac_cs_config\\" | 4414 | with options \\"\$ac_cs_config\\" |
4415 | 4415 | ||
diff --git a/configure.ac b/configure.ac index dc59e5b15..c0f5dd357 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.47, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.48, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/firejail/appimage.c b/src/firejail/appimage.c index 976750f8f..0f7ab40ff 100644 --- a/src/firejail/appimage.c +++ b/src/firejail/appimage.c | |||
@@ -31,17 +31,19 @@ | |||
31 | static char *devloop = NULL; // device file | 31 | static char *devloop = NULL; // device file |
32 | static char *mntdir = NULL; // mount point in /tmp directory | 32 | static char *mntdir = NULL; // mount point in /tmp directory |
33 | 33 | ||
34 | #ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h | ||
34 | static void err_loop(void) { | 35 | static void err_loop(void) { |
35 | fprintf(stderr, "Error: cannot configure loopback device\n"); | 36 | fprintf(stderr, "Error: cannot configure loopback device\n"); |
36 | exit(1); | 37 | exit(1); |
37 | } | 38 | } |
39 | #endif | ||
38 | 40 | ||
39 | void appimage_set(const char *appimage) { | 41 | void appimage_set(const char *appimage) { |
40 | assert(appimage); | 42 | assert(appimage); |
41 | assert(devloop == NULL); // don't call this twice! | 43 | assert(devloop == NULL); // don't call this twice! |
42 | EUID_ASSERT(); | 44 | EUID_ASSERT(); |
43 | 45 | ||
44 | #ifdef LOOP_CTL_GET_FREE // test for older kernels; this definition is found in /usr/include/linux/loop.h | 46 | #ifdef LOOP_CTL_GET_FREE |
45 | // check appimage file | 47 | // check appimage file |
46 | invalid_filename(appimage); | 48 | invalid_filename(appimage); |
47 | if (access(appimage, R_OK) == -1) { | 49 | if (access(appimage, R_OK) == -1) { |
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c index 8ab176961..fdaa0b355 100644 --- a/src/firejail/fs_dev.c +++ b/src/firejail/fs_dev.c | |||
@@ -52,7 +52,7 @@ static DevEntry dev[] = { | |||
52 | {"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", 0, 1, 0}, | 52 | {"/dev/nvidia7", RUN_DEV_DIR "/nvidia7", 0, 1, 0}, |
53 | {"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", 0, 1, 0}, | 53 | {"/dev/nvidia8", RUN_DEV_DIR "/nvidia8", 0, 1, 0}, |
54 | {"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", 0, 1, 0}, | 54 | {"/dev/nvidia9", RUN_DEV_DIR "/nvidia9", 0, 1, 0}, |
55 | {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1}, | 55 | {"/dev/nvidiactl", RUN_DEV_DIR "/nvidiactl", 0, 1, 0}, |
56 | {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1, 0}, | 56 | {"/dev/nvidia-modeset", RUN_DEV_DIR "/nvidia-modeset", 0, 1, 0}, |
57 | {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1, 0}, | 57 | {"/dev/nvidia-uvm", RUN_DEV_DIR "/nvidia-uvm", 0, 1, 0}, |
58 | {"/dev/video0", RUN_DEV_DIR "/video0", 0, 0, 1}, // video camera devices | 58 | {"/dev/video0", RUN_DEV_DIR "/video0", 0, 0, 1}, // video camera devices |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 7489e7b6d..4ee05d070 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -989,7 +989,6 @@ int sandbox(void* sandbox_arg) { | |||
989 | if (app_pid == 0) { | 989 | if (app_pid == 0) { |
990 | #ifdef HAVE_APPARMOR | 990 | #ifdef HAVE_APPARMOR |
991 | if (arg_apparmor) { | 991 | if (arg_apparmor) { |
992 | int done = 0; | ||
993 | errno = 0; | 992 | errno = 0; |
994 | if (aa_change_onexec("firejail-default")) { | 993 | if (aa_change_onexec("firejail-default")) { |
995 | fwarning("Cannot confine the application using AppArmor.\n" | 994 | fwarning("Cannot confine the application using AppArmor.\n" |