author | netblue30 <netblue30@yahoo.com> | 2016-08-23 10:04:41 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-08-23 10:04:41 -0400 |
commit | 1bb4451d94cde3b4617c3cbdcf765cedb2945e06 (patch) | |
tree | 5c6d5e5c4b021afdbc310d8cd240d9ebff391fef | |
parent | chroot and overlayfs hardening (diff) | |
Firejail prompt is enabled by env variable FIREJAIL_PROMPT=yes
-rw-r--r-- | RELNOTES | 57 | ||||
-rw-r--r-- | src/firejail/env.c | 10 |
2 files changed, 36 insertions, 31 deletions
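--- a/RELNOTES
+++ b/RELNOTES
@@ -1,35 +1,36 @@
 firejail (0.9.42~rc2) baseline; urgency=low
 * security: --whitelist deleted files, submitted by Vasya Novikov
-* security: disable x32 ABI, submitted by Jann Horn
+* security: disable x32 ABI in seccomp, submitted by Jann Horn
 * security: tighten --chroot, submitted by Jann Horn
 * security: terminal sandbox escape, submitted by Stephan Sokolow
-* deprecated --user option, please use "sudo -u username firejail" instead
-* --read-write option rework
-* allow symlinks in home directory for --whitelist option
-* --allow-debuggers option
-* --private-template (very simillar to the former --private-home)
-* AppImage support (--appimage)
-* AppArmor support (--apparmor)
-* compile time support for Busybox
-* Sandbox auditing support (--audit)
-* remove environment variable (--rmenv)
-* noexec support (--noexec)
-* --overlay-clean option
-* --overlay-named=name option
-* compile time and run time support to disable overlayfs
-* Ubuntu snap support
-* include /dev/snd in --private-dev
-* added mkfile profile command
-* added quiet profile command
-* recursive mkdir
-* seccomp filter updated
-* compile time and run time support to disable whitelists
-* compile time support to disable global configuration file
-* run time support to disable remounting of /proc and /sys
-* run time support to disable chroot desktop features
-* added quiet-by-default config option in /etc/firejail/firejail.config
-* added netfilter-default config option in /etc/firejail/firejail.config
-* added x11 command for profile files
+* modifs: deprecated --user option, please use "sudo -u username firejail" instead
+* modifs: allow symlinks in home directory for --whitelist option
+* modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
+* modifs: recursive mkdir
+* modifs: include /dev/snd in --private-dev
+* modifs: seccomp filter update
+* feature: AppImage support (--appimage)
+* feature: AppArmor support (--apparmor)
+* feature: Ubuntu snap support (/etc/firejail/snap.profile)
+* feature: Sandbox auditing support (--audit)
+* feature: remove environment variable (--rmenv)
+* feature: noexec support (--noexec)
+* feature: clean local overlay storage directory (--overlay-clean)
+* feature: store and reuse overlay (--overlay-named)
+* feature: allow debugging inside the sandbox with gdb and strace (--allow-debuggers)
+* feature: mkfile profile command
+* feature: quiet profile command
+* feature: x11 profile command
+* compile time: Busybox support (--enable-busybox-workaround)
+* compile time: disable overlayfs (--disable-overlayfs)
+* compile time: disable whitlisting (--disable-whitelist)
+* compile time: disable global config (--disable-globalcfg)
+* run time: enable/disable overlayfs (overlayfs yes/no)
+* run time: enable/disable quiet as default (quiet-by-default yes/no)
+* run time: user-defined network filter (netfilter-default)
+* run time: enable/disable whitelisting (whitelist yes/no)
+* run time: enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
+* run time: enable/disable chroot desktop features (chroot-desktop yes/no)
 * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
 * new profiles: pix, audacity, xz, xzdec, gzip, cpio, less
 * new profiles: Atom Beta, Atom, jitsi, eom, uudeview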
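--- a/src/firejail/env.c
+++ b/src/firejail/env.c
@@ -123,10 +123,14 @@ void env_defaults(void) {
 errExit("setenv");
 if (cfg.shell && setenv("SHELL", cfg.shell, 1) < 0)
 errExit("setenv");
+
 // set prompt color to green
-//export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
-// if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
-// errExit("setenv");
+char *prompt = getenv("FIREJAIL_PROMPT");
+if (prompt && strcmp(prompt, "yes") == 0) {
+//export PS1='\[\e[1;32m\][\u@\h \W]\$\[\e[0m\] '
+if (setenv("PROMPT_COMMAND", "export PS1=\"\\[\\e[1;32m\\][\\u@\\h \\W]\\$\\[\\e[0m\\] \"", 1) < 0)
+errExit("setenv");
+}
 
 // set the window title
 printf("\033]0;firejail %s\007", cfg.window_title);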
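Review bot: The new `setenv("PROMPT_COMMAND", ..., 1)` call passes overwrite=1, so it would replace any PROMPT_COMMAND already in the environment, and nothing near it records that bash runs this string before every prompt. FIREJAIL_PROMPT is only compared against "yes" and never interpolated into the command, which is what keeps the opt-in safe; I would record that so a later edit does not build the command from environment or profile data, e.g. `// opt-in via FIREJAIL_PROMPT=yes; PROMPT_COMMAND is executed by bash, keep it a constant string`. `prompt` is never written through, so `const char *prompt = getenv("FIREJAIL_PROMPT");` states the intent better. The existing `// set prompt color to green` comment now sits above a conditional and should say the colour is applied only on request. env_defaults starts and ends outside this hunk.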