author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-02-27 09:06:02 +0100 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2021-03-01 12:10:49 +0100 |
commit | f09bb2af9af7f3fec9346bd138c79f1cdd12eab5 (patch) | |
tree | e915a47ce9bc6e049cb1139ed83446ef0515f7d1 | |
parent | compile time: enable LTS (diff) | |
fixes
- RELNOTES: protocol now accumulates
- fix #3978 -- Android Studio: cannot create the directory
Unresolved:
> google-earth.profile has a 'noblacklist ${HOME}/.config/Google' too,
> so we should consider to add additional blacklists for ~/.config/Google/*.
- marker.profile: allow ${DOCUMENTS}
- profile.template: add bluetooth protocol
- profile.template: add DBus portal note
- firejail-profile.txt: revert 17fe4b9e -- fix private=directory in man firejail-profile
see https://github.com/netblue30/firejail/pull/3970#discussion_r574411745
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/profile-a-l/android-studio.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/marker.profile | 1 | ||||
-rw-r--r-- | etc/templates/profile.template | 5 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 |
5 files changed, 7 insertions, 3 deletions
@@ -2,6 +2,7 @@ firejail (0.9.65) baseline; urgency=low | |||
2 | * filtering environment variables | 2 | * filtering environment variables |
3 | * zsh completion | 3 | * zsh completion |
4 | * --mkdir, --mkfile | 4 | * --mkdir, --mkfile |
5 | * protocol now accumulates | ||
5 | * Jolla/SailfishOS patches | 6 | * Jolla/SailfishOS patches |
6 | * private-lib rework | 7 | * private-lib rework |
7 | * jailtest | 8 | * jailtest |
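--- a/etc/profile-a-l/android-studio.profile
+++ b/etc/profile-a-l/android-studio.profile
@@ -5,6 +5,7 @@ include android-studio.local
 # Persistent global definitions
 include globals.local
 
+noblacklist ${HOME}/.config/Google
 noblacklist ${HOME}/.AndroidStudio*
 noblacklist ${HOME}/.android
 noblacklist ${HOME}/.jack-server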
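Review bot: The added `noblacklist ${HOME}/.config/Google` line has no comment, although unlike the neighbouring `.AndroidStudio*` and `.android` entries it opens a directory that is not specific to this application. Someone auditing the profile cannot tell from the line why the whole parent directory is exposed rather than a subdirectory of it. I would put a comment directly above it, for example `# Settings live below ~/.config/Google, which other Google applications share (#3978)`, so the wider scope stays visible until narrower rules exist. Whether the profile restricts the directory again further down (for example with whitelist rules) cannot be seen here, since the hunk covers only the top of the file.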
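--- a/etc/profile-m-z/marker.profile
+++ b/etc/profile-m-z/marker.profile
@@ -12,6 +12,7 @@ include globals.local
 #private-etc ca-certificates,ssl,pki,crypto-policies,nsswitch.conf,resolv.conf
 
 noblacklist ${HOME}/.cache/marker
+noblacklist ${DOCUMENTS}
 
 include disable-common.inc
 include disable-devel.inc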
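--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -155,8 +155,8 @@ include globals.local
 # - unix is usually needed
 # - inet,inet6 only if internet access is required (see 'net none'/'netfilter' above)
 # - netlink is rarely needed
-# - packet almost never
-#protocol unix,inet,inet6,netlink,packet
+# - packet and bluetooth almost never
+#protocol unix,inet,inet6,netlink,packet,bluetooth
 #seccomp
 ##seccomp !chroot
 ##seccomp.drop SYSCALLS (see syscalls.txt)
@@ -200,6 +200,7 @@ include globals.local
 # flatpak remote-info --show-metadata flathub <APP-ID>
 # Notes:
 # - flatpak implicitly allows an app to own <APP-ID> on the session bus
+# - Some features like native notifications are implemented as portal too.
 # - In order to make dconf work (when used by the app) you need to allow
 # 'ca.desrt.dconf' even when not allowed by flatpak.
 # Notes and Policiy about addresses can be found at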
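Review bot: The protocol guidance in the first hunk does not mention that `protocol` lines now accumulate, even though the RELNOTES entry in this same commit announces that change. A profile author copying the template may expect a short `protocol unix` line to narrow what an included file already allowed; if accumulation works as the release note suggests, the line only adds to it. I would add a bullet below the `packet and bluetooth almost never` line, such as `# - protocol lines accumulate; families allowed by an included file cannot be removed here`, after confirming the behaviour against the implementation. The comment block both hunks belong to starts and ends outside the visible lines.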
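--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -266,7 +266,7 @@ Mount new /root and /home/user directories in temporary
 filesystems. All modifications are discarded when the sandbox is
 closed.
 .TP
-\fBprivate=directory
+\fBprivate directory
 Use directory as user home.
 .TP
 \fBprivate-bin file,file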