author | netblue30 <netblue30@protonmail.com> | 2021-05-18 11:33:57 -0400 |
---|---|---|
committer | netblue30 <netblue30@protonmail.com> | 2021-05-18 11:33:57 -0400 |
commit | 98fe39849c694dc3daf17b001a2354c7d3cae50a (patch) | |
tree | 54ce6adbd00e8992f0f4e5fac3f9138362c509c7 | |
parent | Merge pull request #4273 from rusty-snake/fix-2310 (diff) | |
readme, etc
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 51 | ||||
-rw-r--r-- | RELNOTES | 6 | ||||
-rw-r--r-- | etc/profile-m-z/pinball.profile | 3 |
4 files changed, 33 insertions, 28 deletions
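--- a/README
+++ b/README
@@ -744,6 +744,7 @@ Rahul Golam (https://github.com/technoLord)
 - strings profile
 RandomVoid (https://github.com/RandomVoid)
 - fix building C# projects in Godot
+- fix Lutris profile
 Raphaël Droz (https://github.com/drzraf)
 - zoom profile fixes
 realaltffour (https://github.com/realaltffour)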
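--- a/README.md
+++ b/README.md
@@ -22,8 +22,8 @@ implemented directly in Linux kernel and available on any Linux computer.
 <table><tr>
 
 <td>
-<a href="http://www.youtube.com/watch?feature=player_embedded&v=7RMz7tePA98
-" target="_blank"><img src="http://img.youtube.com/vi/7RMz7tePA98/0.jpg"
+<a href="http://www.youtube.com/watch?feature=player_embedded&v=8jfXL0ePV7U
+" target="_blank"><img src="http://img.youtube.com/vi/8jfXL0ePV7U/0.jpg"
 alt="Firejail Introduction" width="240" height="180" border="10" /><br/>Firejail Intro</a>
 </td>
 
@@ -300,31 +300,30 @@ A small tool to print profile statistics. Compile as usual and run in /etc/profi
 $ sudo cp src/profstats/profstats /etc/firejail/.
 $ cd /etc/firejail
 $ ./profstats *.profile
-Warning: multiple caps in transmission-daemon.profile
-
 Stats:
-profiles 1077
-include local profile 1077 (include profile-name.local)
-include globals 1077 (include globals.local)
-blacklist ~/.ssh 971 (include disable-common.inc)
-seccomp 988
-capabilities 1076
-noexec 960 (include disable-exec.inc)
-memory-deny-write-execute 231
-apparmor 621
-private-bin 571
-private-dev 949
-private-etc 470
-private-tmp 835
-whitelist home directory 508
-whitelist var 758 (include whitelist-var-common.inc)
-whitelist run/user 539 (include whitelist-runuser-common.inc
+profiles 1135
+include local profile 1135 (include profile-name.local)
+include globals 1106 (include globals.local)
+blacklist ~/.ssh 1009 (include disable-common.inc)
+seccomp 1035
+capabilities 1130
+noexec 1011 (include disable-exec.inc)
+noroot 944
+memory-deny-write-execute 242
+apparmor 667
+private-bin 635
+private-dev 992
+private-etc 508
+private-tmp 866
+whitelist home directory 542
+whitelist var 799 (include whitelist-var-common.inc)
+whitelist run/user 597 (include whitelist-runuser-common.inc
 or blacklist ${RUNUSER})
-whitelist usr/share 526 (include whitelist-usr-share-common.inc
-net none 354
-dbus-user none 573
-dbus-user filter 86
-dbus-system none 706
+whitelist usr/share 569 (include whitelist-usr-share-common.inc
+net none 389
+dbus-user none 619
+dbus-user filter 105
+dbus-system none 770
 dbus-system filter 7
 ```
 
@@ -336,4 +335,4 @@ pcsxr, PPSSPPSDL, openmw, openmw-launcher, jami-gnome, PCSX2, bcompare, b2sum, c
 sha256sum, sha384sum, sha512sum, sum, librewold-nightly, Quodlibet, tmux, sway, alienarena, alienarena-wrapper,
 ballbuster, ballbuster-wrapper, colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium, glaxium-wrapper,
 pinball, pinball-wrapper, etr-wrapper, neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, firedragon
-neochat, node, nvm
+neochat, node, nvm, cargo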
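--- a/RELNOTES
+++ b/RELNOTES
@@ -5,13 +5,14 @@ firejail (0.9.65) baseline; urgency=low
 * --protocol now accumulates
 * Jolla/SailfishOS patches
 * private-lib rework
+* whitelist rework
 * jailtest utility for testing running sandboxes
 * removed --audit options, relpaced by jailtest
 * capabilities list update
 * faccessat2 syscall support
 * --private-dev keeps /dev/input
 * added --noinput to disable /dev/input
-* Add support for subdirs in --private-etc
+* add support for subdirs in --private-etc
 * compile time: --enable-force-nonewprivs
 * compile time: --disable-output
 * compile time: --enable-lts
@@ -27,7 +28,8 @@ firejail (0.9.65) baseline; urgency=low
 * alienarena, alienarena-wrapper, ballbuster, ballbuster-wrapper,
 * colorful, colorful-wrapper, gl-117, gl-117-wrapper, glaxium,
 * glaxium-wrapper, pinball, pinball-wrapper, etr-wrapper, firedragon
-* neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat
+* neverball-wrapper, neverputt-wrapper, supertuxkart-wrapper, neochat,
+* cargo
 -- netblue30 <netblue30@yahoo.com> Tue, 9 Feb 2021 09:00:00 -0500
 
 firejail (0.9.64.4) baseline; urgency=low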
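--- a/etc/profile-m-z/pinball.profile
+++ b/etc/profile-m-z/pinball.profile
@@ -19,7 +19,10 @@ include disable-xdg.inc
 
 mkdir ${HOME}/.config/emilia
 whitelist ${HOME}/.config/emilia
+
 whitelist /usr/share/pinball
+# on debian games are stored under /usr/share/games
+whitelist /usr/share/games/pinball
 include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc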