Merge branch 'master' of ssh://github.com/netblue30/firejail

author: netblue30 <netblue30@protonmail.com> 2022-02-03 09:32:25 -0500
committer: netblue30 <netblue30@protonmail.com> 2022-02-03 09:32:25 -0500
commit: 9b22a26f767f5a7605ad8be7b93f6c21dad04eb7 (patch)
tree: adce9713754db45ef15696fe8570013d2c821cf2
parent: fix map view in geeqie (diff)
parent: Merge pull request #4889 from kmk3/relnotes-add-security-items (diff)
download: firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.tar.gz
firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.tar.zst
firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.zip
4 files changed, 11 insertions, 0 deletions
diff --git a/RELNOTES b/RELNOTES
index 8fd438ad3..651512831 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,9 @@
 firejail (0.9.68rc2) baseline; urgency=low
  * work in progress
+  * security: on Ubuntu, the PPA is now recommended over the distro package
+    (see README.md) (#4748)
+  * security: bugfix: private-cwd leaks access to the entire filesystem
+    (#4780); reported by Hugo Osvaldo Barrera
  * exit code: distinguish fatal signals by adding 128 (#4533)
  * close file descriptors greater than 2 (--keep-fd) (#4845)
  * intrusion detection system (--ids-init, --ids-check)
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 5a189559a..255da0fbd 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -286,6 +286,7 @@ blacklist ${HOME}/.config/LibreCAD
 blacklist ${HOME}/.config/Loop_Hero
 blacklist ${HOME}/.config/Luminance
 blacklist ${HOME}/.config/LyX
+blacklist ${HOME}/.config/MangoHud
 blacklist ${HOME}/.config/Mattermost
 blacklist ${HOME}/.config/Meltytech
 blacklist ${HOME}/.config/Mendeley Ltd.
diff --git a/etc/inc/whitelist-usr-share-common.inc b/etc/inc/whitelist-usr-share-common.inc
index 0049ce804..b4e5ac5d9 100644
--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -12,6 +12,7 @@ whitelist /usr/share/cursors
 whitelist /usr/share/dconf
 whitelist /usr/share/distro-info
 whitelist /usr/share/drirc.d
+whitelist /usr/share/egl
 whitelist /usr/share/enchant
 whitelist /usr/share/enchant-2
 whitelist /usr/share/file
diff --git a/etc/profile-m-z/steam.profile b/etc/profile-m-z/steam.profile
index b31818274..b0be8a517 100644
--- a/etc/profile-m-z/steam.profile
+++ b/etc/profile-m-z/steam.profile
@@ -8,6 +8,7 @@ include globals.local
 noblacklist ${HOME}/.config/Epic
 noblacklist ${HOME}/.config/Loop_Hero
+noblacklist ${HOME}/.config/MangoHud
 noblacklist ${HOME}/.config/ModTheSpire
 noblacklist ${HOME}/.config/RogueLegacy
 noblacklist ${HOME}/.config/RogueLegacyStorageContainer
@@ -55,6 +56,7 @@ include disable-programs.inc
 mkdir ${HOME}/.config/Epic
 mkdir ${HOME}/.config/Loop_Hero
+mkdir ${HOME}/.config/MangoHud
 mkdir ${HOME}/.config/ModTheSpire
 mkdir ${HOME}/.config/RogueLegacy
 mkdir ${HOME}/.config/unity3d
@@ -85,6 +87,7 @@ mkfile ${HOME}/.steampath
 mkfile ${HOME}/.steampid
 whitelist ${HOME}/.config/Epic
 whitelist ${HOME}/.config/Loop_Hero
+whitelist ${HOME}/.config/MangoHud
 whitelist ${HOME}/.config/ModTheSpire
 whitelist ${HOME}/.config/RogueLegacy
 whitelist ${HOME}/.config/RogueLegacyStorageContainer
@@ -162,3 +165,5 @@ private-tmp
 # dbus-user none
 # dbus-system none
+read-only ${HOME}/.config/MangoHud
author	netblue30 <netblue30@protonmail.com>	2022-02-03 09:32:25 -0500
committer	netblue30 <netblue30@protonmail.com>	2022-02-03 09:32:25 -0500
commit	9b22a26f767f5a7605ad8be7b93f6c21dad04eb7 (patch)
tree	adce9713754db45ef15696fe8570013d2c821cf2
parent	fix map view in geeqie (diff)
parent	Merge pull request #4889 from kmk3/relnotes-add-security-items (diff)
download	firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.tar.gz firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.tar.zst firejail-9b22a26f767f5a7605ad8be7b93f6c21dad04eb7.zip