author | netblue30 <netblue30@yahoo.com> | 2016-08-29 11:56:34 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-29 11:56:34 -0400 |
commit | 70d1b463a04867e2ede3da284a5209d190458d84 (patch) | |
tree | 026cbe6cb873d3e0b34936e1f67e0d2a15d99ba1 | |
parent | fixes (diff) | |
0.9.42~rc3 starting
-rw-r--r-- | RELNOTES | 1 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/fs.c | 10 | ||||
-rw-r--r-- | todo | 3 |
5 files changed, 18 insertions, 16 deletions
@@ -40,6 +40,7 @@ firejail (0.9.42~rc2) baseline; urgency=low | |||
40 | * profiles: Atom Beta, Atom, jitsi, eom, uudeview | 40 | * profiles: Atom Beta, Atom, jitsi, eom, uudeview |
41 | * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, | 41 | * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, |
42 | * profiles: inox, Slack, gnome-chess. Gajim IM client | 42 | * profiles: inox, Slack, gnome-chess. Gajim IM client |
43 | * bugfixes | ||
43 | -- netblue30 <netblue30@yahoo.com> Thu, 26 Aug 2016 08:00:00 -0500 | 44 | -- netblue30 <netblue30@yahoo.com> Thu, 26 Aug 2016 08:00:00 -0500 |
44 | 45 | ||
45 | firejail (0.9.40) baseline; urgency=low | 46 | firejail (0.9.40) baseline; urgency=low |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.42~rc2. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.42~rc3. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.42~rc2' | 583 | PACKAGE_VERSION='0.9.42~rc3' |
584 | PACKAGE_STRING='firejail 0.9.42~rc2' | 584 | PACKAGE_STRING='firejail 0.9.42~rc3' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1257,7 +1257,7 @@ if test "$ac_init_help" = "long"; then | |||
1257 | # Omit some internal or obsolete options to make the list less imposing. | 1257 | # Omit some internal or obsolete options to make the list less imposing. |
1258 | # This message is too long to be a string in the A/UX 3.1 sh. | 1258 | # This message is too long to be a string in the A/UX 3.1 sh. |
1259 | cat <<_ACEOF | 1259 | cat <<_ACEOF |
1260 | \`configure' configures firejail 0.9.42~rc2 to adapt to many kinds of systems. | 1260 | \`configure' configures firejail 0.9.42~rc3 to adapt to many kinds of systems. |
1261 | 1261 | ||
1262 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1262 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1263 | 1263 | ||
@@ -1318,7 +1318,7 @@ fi | |||
1318 | 1318 | ||
1319 | if test -n "$ac_init_help"; then | 1319 | if test -n "$ac_init_help"; then |
1320 | case $ac_init_help in | 1320 | case $ac_init_help in |
1321 | short | recursive ) echo "Configuration of firejail 0.9.42~rc2:";; | 1321 | short | recursive ) echo "Configuration of firejail 0.9.42~rc3:";; |
1322 | esac | 1322 | esac |
1323 | cat <<\_ACEOF | 1323 | cat <<\_ACEOF |
1324 | 1324 | ||
@@ -1421,7 +1421,7 @@ fi | |||
1421 | test -n "$ac_init_help" && exit $ac_status | 1421 | test -n "$ac_init_help" && exit $ac_status |
1422 | if $ac_init_version; then | 1422 | if $ac_init_version; then |
1423 | cat <<\_ACEOF | 1423 | cat <<\_ACEOF |
1424 | firejail configure 0.9.42~rc2 | 1424 | firejail configure 0.9.42~rc3 |
1425 | generated by GNU Autoconf 2.69 | 1425 | generated by GNU Autoconf 2.69 |
1426 | 1426 | ||
1427 | Copyright (C) 2012 Free Software Foundation, Inc. | 1427 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1723,7 +1723,7 @@ cat >config.log <<_ACEOF | |||
1723 | This file contains any messages produced by compilers while | 1723 | This file contains any messages produced by compilers while |
1724 | running configure, to aid debugging if configure makes a mistake. | 1724 | running configure, to aid debugging if configure makes a mistake. |
1725 | 1725 | ||
1726 | It was created by firejail $as_me 0.9.42~rc2, which was | 1726 | It was created by firejail $as_me 0.9.42~rc3, which was |
1727 | generated by GNU Autoconf 2.69. Invocation command line was | 1727 | generated by GNU Autoconf 2.69. Invocation command line was |
1728 | 1728 | ||
1729 | $ $0 $@ | 1729 | $ $0 $@ |
@@ -4294,7 +4294,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4294 | # report actual input values of CONFIG_FILES etc. instead of their | 4294 | # report actual input values of CONFIG_FILES etc. instead of their |
4295 | # values after options handling. | 4295 | # values after options handling. |
4296 | ac_log=" | 4296 | ac_log=" |
4297 | This file was extended by firejail $as_me 0.9.42~rc2, which was | 4297 | This file was extended by firejail $as_me 0.9.42~rc3, which was |
4298 | generated by GNU Autoconf 2.69. Invocation command line was | 4298 | generated by GNU Autoconf 2.69. Invocation command line was |
4299 | 4299 | ||
4300 | CONFIG_FILES = $CONFIG_FILES | 4300 | CONFIG_FILES = $CONFIG_FILES |
@@ -4348,7 +4348,7 @@ _ACEOF | |||
4348 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4348 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4349 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4349 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4350 | ac_cs_version="\\ | 4350 | ac_cs_version="\\ |
4351 | firejail config.status 0.9.42~rc2 | 4351 | firejail config.status 0.9.42~rc3 |
4352 | configured by $0, generated by GNU Autoconf 2.69, | 4352 | configured by $0, generated by GNU Autoconf 2.69, |
4353 | with options \\"\$ac_cs_config\\" | 4353 | with options \\"\$ac_cs_config\\" |
4354 | 4354 | ||
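diff --git a/configure.ac b/configure.ac
index 2a5bd5e54..67b74e723 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.42~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.42~rc3, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 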
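diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index 27c69d0e1..855ebad7b 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -647,10 +647,6 @@ void fs_proc_sys_dev_boot(void) {
 disable_file(BLACKLIST_FILE, "/sys/kernel/vmcoreinfo");
 disable_file(BLACKLIST_FILE, "/sys/kernel/uevent_helper");
 
-// if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0)
-// errExit("mounting /sys");
-
-
 // various /proc/sys files
 disable_file(BLACKLIST_FILE, "/proc/sys/security");
 disable_file(BLACKLIST_FILE, "/proc/sys/efi/vars");
@@ -661,7 +657,6 @@ void fs_proc_sys_dev_boot(void) {
 disable_file(BLACKLIST_FILE, "/proc/sys/kernel/hotplug");
 disable_file(BLACKLIST_FILE, "/proc/sys/vm/panic_on_oom");
 
-
 // various /proc files
 disable_file(BLACKLIST_FILE, "/proc/irq");
 disable_file(BLACKLIST_FILE, "/proc/bus");
@@ -674,7 +669,10 @@ void fs_proc_sys_dev_boot(void) {
 disable_file(BLACKLIST_FILE, "/proc/mem");
 disable_file(BLACKLIST_FILE, "/proc/kmem");
 
-// disable /boot
+// remove kernel symbol information
+disable_file(BLACKLIST_FILE, "/usr/src/linux");
+disable_file(BLACKLIST_FILE, "/lib/modules");
+disable_file(BLACKLIST_FILE, "/usr/lib/debug");
 disable_file(BLACKLIST_FILE, "/boot");
 
 // disable /selinux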
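Review bot: The paths added under `// remove kernel symbol information` are fixed literals, and `/usr/src/linux` matches only that exact name. Distributions commonly install kernel sources and headers under versioned directories such as `/usr/src/linux-headers-<version>` or `/usr/src/kernels/<version>`, which this list would leave readable inside the sandbox. If the intent is to hide kernel build and symbol data, consider blacklisting the parent with `disable_file(BLACKLIST_FILE, "/usr/src");`, or say in the comment that only the conventional path is covered. disable_file is defined outside these hunks, so whether it resolves symlinks (on merged-/usr systems `/lib/modules` is reached through `/lib -> /usr/lib`) should be confirmed. The body of fs_proc_sys_dev_boot starts and ends outside the hunks shown.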
@@ -268,3 +268,6 @@ also check --apparmor in this case | |||
268 | 25. fix firemon and firetools on systems with hidepid=2 | 268 | 25. fix firemon and firetools on systems with hidepid=2 |
269 | 269 | ||
270 | sudo mount -o remount,rw,hidepid=2 /proc | 270 | sudo mount -o remount,rw,hidepid=2 /proc |
271 | |||
272 | 26. mupdf profile | ||
273 | |||