profile cleanup

author: netblue30 <netblue30@yahoo.com> 2016-01-22 09:08:35 -0500
committer: netblue30 <netblue30@yahoo.com> 2016-01-22 09:08:35 -0500
commit: 59f60106a6b26c4a30668331e6978588861c59ec (patch)
tree: 6a16fbaca08f8e4a43161f583d6177aac24acf3f
parent: Merge pull request #251 from sinkuu/patch-1 (diff)
download: firejail-59f60106a6b26c4a30668331e6978588861c59ec.tar.gz
firejail-59f60106a6b26c4a30668331e6978588861c59ec.tar.zst
firejail-59f60106a6b26c4a30668331e6978588861c59ec.zip
6 files changed, 18 insertions, 1 deletions
diff --git a/Makefile.in b/Makefile.in
index 2a03e6fdf..762872b4e 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -131,6 +131,7 @@ realinstall:
        install -c -m 0644 .etc/kmail.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/seamonkey.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/seamonkey-bin.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/telegram.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        bash -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
        rm -fr .etc
        # man pages
diff --git a/README b/README
index 34217608a..2e852c5c7 100644
--- a/README
+++ b/README
@@ -18,6 +18,10 @@ License: GPL v2
 Firejail Authors:
 netblue30 (netblue30@yahoo.com)
+sinkuu (https://github.com/sinkuu)
+        - blacklisting kwalletd
+Bader Zaidan (https://github.com/BaderSZ)
+        - Telegram profile
 Holger Heinz (https://github.com/hheinz)
        - manpage work
 Andrey Alekseenko (https://github.com/al42and)
diff --git a/RELNOTES b/RELNOTES
index 91ebb960e..4e903eece 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,7 +3,7 @@ firejail (0.9.37) baseline; urgency=low
  * security profiles fixes
  * dynamic allocation of noblacklist buffer
  * --ip6 option - IPv6 support
-  * added KMail, Seamonkey profiles
+  * added KMail, Seamonkey, Telegram profiles
  * --join command enhancement (--join-network, --join-filesystem)
  * symlink invocation
 -- netblue30 <netblue30@yahoo.com>  Tue,  5 Jan 2016 08:00:00 -0500
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index e7974f02d..f04702618 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -119,3 +119,7 @@ read-only ${HOME}/.xmonad
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
+# syslog
+blacklist /dev/kmsg
+blacklist /proc/kmsg
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index d72b5ffe6..ccaaa1f34 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -57,4 +57,6 @@
 /etc/firejail/kmail.profile
 /etc/firejail/seamonkey.profile
 /etc/firejail/seamonkey-bin.profile
+/etc/firejail/telegram.profile
diff --git a/todo b/todo
index 25fda9e74..8e8ffc9f2 100644
--- a/todo
+++ b/todo
@@ -115,3 +115,9 @@ The POSIX standard defines what a “portable filename” is. This turns out to
 http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_276
 22. --shutdown does not clear sandboxes started with --join on Debian jessie
+23. to document:
+http://lwn.net/Articles/414813/
+echo 1 > /proc/sys/kernel/dmesg_restrict
author	netblue30 <netblue30@yahoo.com>	2016-01-22 09:08:35 -0500
committer	netblue30 <netblue30@yahoo.com>	2016-01-22 09:08:35 -0500
commit	59f60106a6b26c4a30668331e6978588861c59ec (patch)
tree	6a16fbaca08f8e4a43161f583d6177aac24acf3f
parent	Merge pull request #251 from sinkuu/patch-1 (diff)
download	firejail-59f60106a6b26c4a30668331e6978588861c59ec.tar.gz firejail-59f60106a6b26c4a30668331e6978588861c59ec.tar.zst firejail-59f60106a6b26c4a30668331e6978588861c59ec.zip