diff options
author | netblue30 <netblue30@yahoo.com> | 2015-09-01 11:45:23 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2015-09-01 11:45:23 -0400 |
commit | 83781d0de57e584077848a7b19f291b1d9d9d604 (patch) | |
tree | 39132acf39129106d78b8c67f98fc2ba73f5a386 | |
parent | Merge pull request #53 from sarneaud/noblacklist (diff) | |
download | firejail-83781d0de57e584077848a7b19f291b1d9d9d604.tar.gz firejail-83781d0de57e584077848a7b19f291b1d9d9d604.tar.zst firejail-83781d0de57e584077848a7b19f291b1d9d9d604.zip |
testing, admin work
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | RELNOTES | 4 | ||||
-rw-r--r-- | etc/qbittorrent.profile | 2 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 4 | ||||
-rwxr-xr-x | test/profile_syntax2.exp | 4 | ||||
-rwxr-xr-x | test/seccomp-debug.exp | 10 | ||||
-rw-r--r-- | todo | 5 |
8 files changed, 22 insertions, 15 deletions
@@ -21,6 +21,10 @@ Peter Millerchip (https://github.com/pmillerchip) | |||
21 | - support for files and directories starting with ~ in blacklist option | 21 | - support for files and directories starting with ~ in blacklist option |
22 | - support for files and directories with spaces in blacklist option | 22 | - support for files and directories with spaces in blacklist option |
23 | - lots of other fixes | 23 | - lots of other fixes |
24 | sarneaud (https://github.com/sarneaud) | ||
25 | - rewrite globbing code to fix various minor issues | ||
26 | - added noblacklist command for profile files | ||
27 | - various enhancements and bug fixes | ||
24 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | 28 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) |
25 | - user namespace implementation | 29 | - user namespace implementation |
26 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration | 30 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration |
@@ -39,7 +43,5 @@ mjudtmann (https://github.com/mjudtmann) | |||
39 | - lock firejail configuration in disable-mgmt.inc | 43 | - lock firejail configuration in disable-mgmt.inc |
40 | iiotx (https://github.com/iiotx) | 44 | iiotx (https://github.com/iiotx) |
41 | - use generci.profile by default | 45 | - use generci.profile by default |
42 | sarneaud (https://github.com/sarneaud) | ||
43 | - rewrite globbing code to fix various minor issues | ||
44 | 46 | ||
45 | Copyright (C) 2014, 2015 Firejail Authors | 47 | Copyright (C) 2014, 2015 Firejail Authors |
@@ -8,8 +8,8 @@ firejail (0.9.29) baseline; urgency=low | |||
8 | * --private.keep is transitioned to --private-home | 8 | * --private.keep is transitioned to --private-home |
9 | * support ~ and blanks in blacklist option | 9 | * support ~ and blanks in blacklist option |
10 | * support "net none" command in profile files | 10 | * support "net none" command in profile files |
11 | * added "net none" to Evince PDF viewer | 11 | * using /etc/firejail/generic.profile by default for user sessions |
12 | * using /etc/firejail/generic.profile by default | 12 | * using /etc/firejail/server.profile by default for root sessions |
13 | * bugfixes | 13 | * bugfixes |
14 | -- netblue30 <netblue30@yahoo.com> Mon, 24 Aug 2015 20:25:00 -0500 | 14 | -- netblue30 <netblue30@yahoo.com> Mon, 24 Aug 2015 20:25:00 -0500 |
15 | 15 | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 71ddff631..dd7be997c 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
@@ -1,4 +1,4 @@ | |||
1 | # abittorrent profile | 1 | # qbittorrent profile |
2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 64565ab0b..1473c5889 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -80,6 +80,8 @@ file in user home directory. | |||
80 | 80 | ||
81 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. | 81 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. |
82 | 82 | ||
83 | Note: exclude-token is deprecated, use noblacklist command instead. | ||
84 | |||
83 | .TP | 85 | .TP |
84 | # this is a comment | 86 | # this is a comment |
85 | 87 | ||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 62176b84f..cfd00456b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
@@ -705,6 +705,10 @@ Example: | |||
705 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 705 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
706 | 706 | ||
707 | .TP | 707 | .TP |
708 | \fB\-\-private-keep=file,directory | ||
709 | This option is deprecated, use private-home instead | ||
710 | |||
711 | .TP | ||
708 | \fB\-\-private-home=file,directory | 712 | \fB\-\-private-home=file,directory |
709 | Build a new user home in a temporary | 713 | Build a new user home in a temporary |
710 | filesystem, and copy the files and directories in the list in the | 714 | filesystem, and copy the files and directories in the list in the |
diff --git a/test/profile_syntax2.exp b/test/profile_syntax2.exp index cd514aa0e..7c5d1b5cd 100755 --- a/test/profile_syntax2.exp +++ b/test/profile_syntax2.exp | |||
@@ -28,11 +28,11 @@ expect { | |||
28 | } | 28 | } |
29 | expect { | 29 | expect { |
30 | timeout {puts "TESTING ERROR 5\n";exit} | 30 | timeout {puts "TESTING ERROR 5\n";exit} |
31 | "Initialize seccomp filter" | 31 | "SECCOMP Filter" |
32 | } | 32 | } |
33 | expect { | 33 | expect { |
34 | timeout {puts "TESTING ERROR 6\n";exit} | 34 | timeout {puts "TESTING ERROR 6\n";exit} |
35 | "Blacklisting syscall" | 35 | "BLACKLIST" |
36 | } | 36 | } |
37 | expect { | 37 | expect { |
38 | timeout {puts "TESTING ERROR 7\n";exit} | 38 | timeout {puts "TESTING ERROR 7\n";exit} |
diff --git a/test/seccomp-debug.exp b/test/seccomp-debug.exp index a7b89912a..1034f040e 100755 --- a/test/seccomp-debug.exp +++ b/test/seccomp-debug.exp | |||
@@ -7,11 +7,7 @@ match_max 100000 | |||
7 | send -- "firejail --seccomp --debug\r" | 7 | send -- "firejail --seccomp --debug\r" |
8 | expect { | 8 | expect { |
9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
10 | "Blacklisting syscall" | 10 | "SECCOMP Filter" |
11 | } | ||
12 | expect { | ||
13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
14 | "open_by_handle_at" | ||
15 | } | 11 | } |
16 | expect { | 12 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 13 | timeout {puts "TESTING ERROR 2\n";exit} |
@@ -28,5 +24,5 @@ expect { | |||
28 | sleep 2 | 24 | sleep 2 |
29 | 25 | ||
30 | send -- "exit\r" | 26 | send -- "exit\r" |
31 | sleep 1 | 27 | after 100 |
32 | puts "\n" | 28 | puts "all done\n" |
@@ -27,5 +27,8 @@ Warning: failed to unmount /sys | |||
27 | Child process initialized | 27 | Child process initialized |
28 | $ | 28 | $ |
29 | 29 | ||
30 | 3. default.profile creating problems for --chroot, --overlay, --private-home | 30 | 3. Remove private.keep in 0.9.34 release (deprecated in 0.9.30) |
31 | |||
32 | 4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30) | ||
33 | |||
31 | 34 | ||