author | netblue30 <netblue30@protonmail.com> | 2022-02-03 09:32:25 -0500 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2022-02-03 09:32:25 -0500 |
commit | 9b22a26f767f5a7605ad8be7b93f6c21dad04eb7 (patch) | |
tree | adce9713754db45ef15696fe8570013d2c821cf2 | |
parent | fix map view in geeqie (diff) | |
parent | Merge pull request #4889 from kmk3/relnotes-add-security-items (diff) | |
Merge branch 'master' of ssh://github.com/netblue30/firejail
-rw-r--r-- | RELNOTES | 4 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 1 | ||||
-rw-r--r-- | etc/profile-m-z/steam.profile | 5 |
4 files changed, 11 insertions, 0 deletions
@@ -1,5 +1,9 @@ | |||
1 | firejail (0.9.68rc2) baseline; urgency=low | 1 | firejail (0.9.68rc2) baseline; urgency=low |
2 | * work in progress | 2 | * work in progress |
3 | * security: on Ubuntu, the PPA is now recommended over the distro package | ||
4 | (see README.md) (#4748) | ||
5 | * security: bugfix: private-cwd leaks access to the entire filesystem | ||
6 | (#4780); reported by Hugo Osvaldo Barrera | ||
3 | * exit code: distinguish fatal signals by adding 128 (#4533) | 7 | * exit code: distinguish fatal signals by adding 128 (#4533) |
4 | * close file descriptors greater than 2 (--keep-fd) (#4845) | 8 | * close file descriptors greater than 2 (--keep-fd) (#4845) |
5 | * intrusion detection system (--ids-init, --ids-check) | 9 | * intrusion detection system (--ids-init, --ids-check) |
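--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -286,6 +286,7 @@ blacklist ${HOME}/.config/LibreCAD
 blacklist ${HOME}/.config/Loop_Hero
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/LyX
+blacklist ${HOME}/.config/MangoHud
 blacklist ${HOME}/.config/Mattermost
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mendeley Ltd.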
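Review bot: Only steam.profile gets a matching `noblacklist` for the new `blacklist ${HOME}/.config/MangoHud` entry, yet the entry applies to every profile that includes disable-programs.inc. Default-deny is the right direction, but profiles for other programs that load MangoHud will presumably lose access to their overlay configuration until they opt in. When they do, they should take the whole pattern used in steam.profile, including `read-only ${HOME}/.config/MangoHud`, rather than the `noblacklist` line alone.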
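--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -12,6 +12,7 @@ whitelist /usr/share/cursors
 whitelist /usr/share/dconf
 whitelist /usr/share/distro-info
 whitelist /usr/share/drirc.d
+whitelist /usr/share/egl
 whitelist /usr/share/enchant
 whitelist /usr/share/enchant-2
 whitelist /usr/share/file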
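--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -8,6 +8,7 @@ include globals.local
 
 noblacklist ${HOME}/.config/Epic
 noblacklist ${HOME}/.config/Loop_Hero
+noblacklist ${HOME}/.config/MangoHud
 noblacklist ${HOME}/.config/ModTheSpire
 noblacklist ${HOME}/.config/RogueLegacy
 noblacklist ${HOME}/.config/RogueLegacyStorageContainer
@@ -55,6 +56,7 @@ include disable-programs.inc
 
 mkdir ${HOME}/.config/Epic
 mkdir ${HOME}/.config/Loop_Hero
+mkdir ${HOME}/.config/MangoHud
 mkdir ${HOME}/.config/ModTheSpire
 mkdir ${HOME}/.config/RogueLegacy
 mkdir ${HOME}/.config/unity3d
@@ -85,6 +87,7 @@ mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
 whitelist ${HOME}/.config/Epic
 whitelist ${HOME}/.config/Loop_Hero
+whitelist ${HOME}/.config/MangoHud
 whitelist ${HOME}/.config/ModTheSpire
 whitelist ${HOME}/.config/RogueLegacy
 whitelist ${HOME}/.config/RogueLegacyStorageContainer
@@ -162,3 +165,5 @@ private-tmp
 
 # dbus-user none
 # dbus-system none
+
+read-only ${HOME}/.config/MangoHud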
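Review bot: The `read-only ${HOME}/.config/MangoHud` line in the last hunk has no comment and sits at the very end of the file, far from the `whitelist ${HOME}/.config/MangoHud` line it constrains in the third hunk. The directory is shared with whatever else on the host loads MangoHud, so the apparent intent is that a sandboxed game may read the overlay settings but not rewrite them for programs outside the sandbox; that reasoning should be recorded next to the rule. I would add `# MangoHud config is shared with programs outside this sandbox; allow reading, never writing` above it, and consider moving the rule directly after the whitelist entry so the two are reviewed together. Also, `mkdir ${HOME}/.config/MangoHud` in the second hunk creates the directory when it is absent, so on such a system the sandbox sees an empty directory it cannot populate, which looks intended but is worth confirming.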