diff options
author | netblue30 <netblue30@yahoo.com> | 2016-07-05 07:37:51 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-07-05 07:37:51 -0400 |
commit | 0afe2e19b46e73c3b87a82cb84b42b61fb8216fe (patch) | |
tree | b2edb3620426075e6fecb437eac5de715af72d9e | |
parent | faudit: dbus (diff) | |
parent | readme (diff) | |
download | firejail-0afe2e19b46e73c3b87a82cb84b42b61fb8216fe.tar.gz firejail-0afe2e19b46e73c3b87a82cb84b42b61fb8216fe.tar.zst firejail-0afe2e19b46e73c3b87a82cb84b42b61fb8216fe.zip |
Merge branch 'master' of https://github.com/netblue30/firejail
-rw-r--r-- | README | 52 | ||||
-rw-r--r-- | etc/Telegram.profile | 13 | ||||
-rw-r--r-- | etc/qtox.profile | 5 | ||||
-rw-r--r-- | src/firejail/join.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 2 |
5 files changed, 36 insertions, 40 deletions
@@ -25,6 +25,33 @@ Reiner Herrmann (https://github.com/reinerh) | |||
25 | - clang-analyzer fixes | 25 | - clang-analyzer fixes |
26 | - Debian reproducible build | 26 | - Debian reproducible build |
27 | - unit testing framework | 27 | - unit testing framework |
28 | Aleksey Manevich (https://github.com/manevich) | ||
29 | - several profile fixes | ||
30 | - fix problem with relative path in storage_find function | ||
31 | - fix build for systems without bash | ||
32 | - fix double quotes/single quotes problem | ||
33 | Fred-Barclay (https://github.com/Fred-Barclay) | ||
34 | - added Vivaldi, Atril profiles | ||
35 | - added PaleMoon profile | ||
36 | - split Icedove and Thunderbird profiles | ||
37 | - added 0ad profile | ||
38 | - fixed version for .deb packages | ||
39 | - added Warzone2100 profile | ||
40 | - blacklisted VeraCrypt | ||
41 | - added Gpredict profile | ||
42 | - added Aweather, Stellarium profiles | ||
43 | - fixed HexChat and Atril profiles | ||
44 | - fixed disable-common.inc for mate-terminal | ||
45 | - blacklisted escape-happy terminals in disable-common.inc | ||
46 | - blacklisted g++ | ||
47 | - added xplayer, xreader, and xviewer profiles | ||
48 | - added Brave profile | ||
49 | - added Gitter profile | ||
50 | - various organising | ||
51 | - added LibreOffice profile | ||
52 | - added pix profile | ||
53 | - added audacity profile | ||
54 | - fixed Telegram and qtox profiles | ||
28 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) | 55 | Jaykishan Mutkawoa (https://github.com/jmutkawoa) |
29 | - cpio profile | 56 | - cpio profile |
30 | Paupiah Yash (https://github.com/CaffeinatedStud) | 57 | Paupiah Yash (https://github.com/CaffeinatedStud) |
@@ -80,27 +107,6 @@ Joan Figueras (https://github.com/figue) | |||
80 | - added abrowser profile | 107 | - added abrowser profile |
81 | - added Google-Play-Music-Desktop-Player | 108 | - added Google-Play-Music-Desktop-Player |
82 | - added cyberfox profile | 109 | - added cyberfox profile |
83 | Fred-Barclay (https://github.com/Fred-Barclay) | ||
84 | - added Vivaldi, Atril profiles | ||
85 | - added PaleMoon profile | ||
86 | - split Icedove and Thunderbird profiles | ||
87 | - added 0ad profile | ||
88 | - fixed version for .deb packages | ||
89 | - added Warzone2100 profile | ||
90 | - blacklisted VeraCrypt | ||
91 | - added Gpredict profile | ||
92 | - added Aweather, Stellarium profiles | ||
93 | - fixed HexChat and Atril profiles | ||
94 | - fixed disable-common.inc for mate-terminal | ||
95 | - blacklisted escape-happy terminals in disable-common.inc | ||
96 | - blacklisted g++ | ||
97 | - added xplayer, xreader, and xviewer profiles | ||
98 | - added Brave profile | ||
99 | - added Gitter profile | ||
100 | - various organising | ||
101 | - added LibreOffice profile | ||
102 | - added pix profile | ||
103 | - added audacity profile | ||
104 | Petter Reinholdtsen (pere@hungry.com) | 110 | Petter Reinholdtsen (pere@hungry.com) |
105 | - Opera profile patch | 111 | - Opera profile patch |
106 | n1trux (https://github.com/n1trux) | 112 | n1trux (https://github.com/n1trux) |
@@ -131,10 +137,6 @@ Tom Mellor (https://github.com/kalegrill) | |||
131 | Martin Carpenter (https://github.com/mcarpenter) | 137 | Martin Carpenter (https://github.com/mcarpenter) |
132 | - security audit and bug fixes | 138 | - security audit and bug fixes |
133 | - Centos 6.x support | 139 | - Centos 6.x support |
134 | Aleksey Manevich (https://github.com/manevich) | ||
135 | - several profile fixes | ||
136 | - fix problem with relative path in storage_find function | ||
137 | - fix build for systems without bash | ||
138 | pszxzsd (https://github.com/pszxzsd) | 140 | pszxzsd (https://github.com/pszxzsd) |
139 | -uGet profile | 141 | -uGet profile |
140 | Rahiel Kasim (https://github.com/rahiel) | 142 | Rahiel Kasim (https://github.com/rahiel) |
diff --git a/etc/Telegram.profile b/etc/Telegram.profile index 8e91e426b..2e0f97821 100644 --- a/etc/Telegram.profile +++ b/etc/Telegram.profile | |||
@@ -1,13 +1,2 @@ | |||
1 | # Telegram IRC profile | 1 | # Telegram IRC profile |
2 | noblacklist ${HOME}/.TelegramDesktop | 2 | include /etc/firejail/telegram.profile |
3 | include /etc/firejail/disable-common.inc | ||
4 | include /etc/firejail/disable-programs.inc | ||
5 | include /etc/firejail/disable-devel.inc | ||
6 | |||
7 | caps.drop all | ||
8 | netfilter | ||
9 | nonewprivs | ||
10 | noroot | ||
11 | protocol unix,inet,inet6 | ||
12 | seccomp | ||
13 | |||
diff --git a/etc/qtox.profile b/etc/qtox.profile index 3a19efa3a..39f900748 100644 --- a/etc/qtox.profile +++ b/etc/qtox.profile | |||
@@ -3,6 +3,7 @@ noblacklist ${HOME}/.config/tox | |||
3 | include /etc/firejail/disable-common.inc | 3 | include /etc/firejail/disable-common.inc |
4 | include /etc/firejail/disable-programs.inc | 4 | include /etc/firejail/disable-programs.inc |
5 | include /etc/firejail/disable-devel.inc | 5 | include /etc/firejail/disable-devel.inc |
6 | include /etc/firejail/disable-passwdmgr.inc | ||
6 | 7 | ||
7 | mkdir ${HOME}/.config/tox | 8 | mkdir ${HOME}/.config/tox |
8 | whitelist ${HOME}/.config/tox | 9 | whitelist ${HOME}/.config/tox |
@@ -10,7 +11,11 @@ whitelist ${DOWNLOADS} | |||
10 | include /etc/firejail/whitelist-common.inc | 11 | include /etc/firejail/whitelist-common.inc |
11 | 12 | ||
12 | caps.drop all | 13 | caps.drop all |
14 | netfilter | ||
13 | nonewprivs | 15 | nonewprivs |
14 | noroot | 16 | noroot |
15 | protocol unix,inet,inet6 | 17 | protocol unix,inet,inet6 |
16 | seccomp | 18 | seccomp |
19 | shell none | ||
20 | tracelog | ||
21 | |||
diff --git a/src/firejail/join.c b/src/firejail/join.c index aba8f064b..47d31669d 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -62,9 +62,9 @@ static void extract_command(int argc, char **argv, int index) { | |||
62 | *cfg.command_line = '\0'; | 62 | *cfg.command_line = '\0'; |
63 | for (i = index; i < argc; i++) { | 63 | for (i = index; i < argc; i++) { |
64 | if (strchr(argv[i], '&')) { | 64 | if (strchr(argv[i], '&')) { |
65 | strcat(cfg.command_line, "\""); | 65 | strcat(cfg.command_line, "\'"); |
66 | strcat(cfg.command_line, argv[i]); | 66 | strcat(cfg.command_line, argv[i]); |
67 | strcat(cfg.command_line, "\" "); | 67 | strcat(cfg.command_line, "\' "); |
68 | } | 68 | } |
69 | else { | 69 | else { |
70 | strcat(cfg.command_line, argv[i]); | 70 | strcat(cfg.command_line, argv[i]); |
diff --git a/src/firejail/main.c b/src/firejail/main.c index 6faec9109..7b956bf64 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -2005,7 +2005,7 @@ int main(int argc, char **argv) { | |||
2005 | sprintf(ptr1, "%s ", argv[i + prog_index]); | 2005 | sprintf(ptr1, "%s ", argv[i + prog_index]); |
2006 | } | 2006 | } |
2007 | else { | 2007 | else { |
2008 | sprintf(ptr1, "\"%s\" ", argv[i + prog_index]); | 2008 | sprintf(ptr1, "\'%s\' ", argv[i + prog_index]); |
2009 | } | 2009 | } |
2010 | sprintf(ptr2, "%s ", argv[i + prog_index]); | 2010 | sprintf(ptr2, "%s ", argv[i + prog_index]); |
2011 | 2011 | ||