starting 0.9.62.2, included profile-fixes.patch and apparmor-include.patch from Debian sid (firejail 0.9.62-3)

author: netblue30 <netblue30@yahoo.com> 2020-08-07 16:34:17 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-08-07 16:34:17 -0400
commit: 30457f8d26843b7729a842b2576b2a3df6daee31 (patch)
tree: 5091662d640515046c194243b2d422024c33f2d6
parent: Add appimage fix to electrum.profile (diff)
download: firejail-30457f8d26843b7729a842b2576b2a3df6daee31.tar.gz
firejail-30457f8d26843b7729a842b2576b2a3df6daee31.tar.zst
firejail-30457f8d26843b7729a842b2576b2a3df6daee31.zip
9 files changed, 35 insertions, 15 deletions
diff --git a/Makefile.in b/Makefile.in
index e065741f5..bc0d13499 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -137,8 +137,6 @@ ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
        sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
        install -c -m 0644 etc/firejail-default $(DESTDIR)/$(sysconfdir)/apparmor.d/.
        sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;"
-        # install apparmor profile customization file
-        sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-local ]; then install -c -m 0644 etc/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/.; fi;"
 endif
        # man pages
        install -m 0755 -d $(DESTDIR)/$(mandir)/man1
diff --git a/RELNOTES b/RELNOTES
index e19470475..6cf627aa0 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,3 +1,9 @@
+firejail (0.9.62.2) baseline; urgency=low
+  * work in progress
+  * patches from Debian (firejail 0.9.62-3, sid):
+         profile-fixes.patch, apparmor-include.patch
+ -- netblue30 <netblue30@yahoo.com>  Fri, 7 Aug 2020 08:00:00 -0500
 firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
  * profile templates (/usr/share/doc/firejail)
diff --git a/configure b/configure
index ffff28f1e..e6d66a5a3 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.62.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.62.2.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.62'
+PACKAGE_VERSION='0.9.62.2'
-PACKAGE_STRING='firejail 0.9.62'
+PACKAGE_STRING='firejail 0.9.62.2'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='https://firejail.wordpress.com'
@@ -682,6 +682,7 @@ infodir
 docdir
 oldincludedir
 includedir
+runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -774,6 +775,7 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
+runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1026,6 +1028,15 @@ do
  | -silent | --silent | --silen | --sile | --sil)
    silent=yes ;;
+  -runstatedir | --runstatedir | --runstatedi | --runstated \
+  | --runstate | --runstat | --runsta | --runst | --runs \
+  | --run | --ru | --r)
+    ac_prev=runstatedir ;;
+  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
+  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
+  | --run=* | --ru=* | --r=*)
+    runstatedir=$ac_optarg ;;
  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
    ac_prev=sbindir ;;
  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1163,7 +1174,7 @@ fi
 for ac_var in   exec_prefix prefix bindir sbindir libexecdir datarootdir \
                datadir sysconfdir sharedstatedir localstatedir includedir \
                oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-                libdir localedir mandir
+                libdir localedir mandir runstatedir
 do
  eval ac_val=\$$ac_var
  # Remove trailing slashes.
@@ -1276,7 +1287,7 @@ if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
-\`configure' configures firejail 0.9.62 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.62.2 to adapt to many kinds of systems.
 Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1316,6 +1327,7 @@ Fine tuning of the installation directories:
  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
  --libdir=DIR            object code libraries [EPREFIX/lib]
  --includedir=DIR        C header files [PREFIX/include]
  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
@@ -1337,7 +1349,7 @@ fi
 if test -n "$ac_init_help"; then
  case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.62:";;
+     short | recursive ) echo "Configuration of firejail 0.9.62.2:";;
   esac
  cat <<\_ACEOF
@@ -1450,7 +1462,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
  cat <<\_ACEOF
-firejail configure 0.9.62
+firejail configure 0.9.62.2
 generated by GNU Autoconf 2.69
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1752,7 +1764,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
-It was created by firejail $as_me 0.9.62, which was
+It was created by firejail $as_me 0.9.62.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  $ $0 $@
@@ -4701,7 +4713,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.62, which was
+This file was extended by firejail $as_me 0.9.62.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
  CONFIG_FILES    = $CONFIG_FILES
@@ -4755,7 +4767,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.62
+firejail config.status 0.9.62.2
 configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"
diff --git a/configure.ac b/configure.ac
index ad47bfa12..e7bec6980 100644
--- a/configure.ac
+++ b/configure.ac
@@ -12,7 +12,7 @@
 #
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.62, netblue30@yahoo.com, , https://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.62.2, netblue30@yahoo.com, , https://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 AC_CONFIG_MACRO_DIR([m4])
diff --git a/etc/firefox.profile b/etc/firefox.profile
index 0278c70f2..50f40a039 100644
--- a/etc/firefox.profile
+++ b/etc/firefox.profile
@@ -15,6 +15,7 @@ whitelist ${HOME}/.cache/mozilla/firefox
 whitelist ${HOME}/.mozilla
 whitelist /usr/share/mozilla
+whitelist /usr/share/webext
 include whitelist-usr-share-common.inc
 # firefox requires a shell to launch on Arch.
diff --git a/etc/firejail-default b/etc/firejail-default
index 2987e538c..e7ded1edc 100644
--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -152,5 +152,5 @@ capability setfcap,
 #capability mac_admin,
 # Site-specific additions and overrides. See local/README for details.
-#include <local/firejail-local>
+#include <local/firejail-default>
 }
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile
index f1e7fcb17..1841b8ed0 100644
--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
@@ -7,6 +7,8 @@ include transmission-daemon.local
 # Persistent global definitions
 include globals.local
+mkdir ${HOME}/.config/transmission-daemon
+whitelist ${HOME}/.config/transmission-daemon
 whitelist /var/lib/transmission
 caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
diff --git a/etc/whitelist-usr-share-common.inc b/etc/whitelist-usr-share-common.inc
index 169fb26fa..be0a29d94 100644
--- a/etc/whitelist-usr-share-common.inc
+++ b/etc/whitelist-usr-share-common.inc
@@ -27,6 +27,7 @@ whitelist /usr/share/hunspell
 whitelist /usr/share/hwdata
 whitelist /usr/share/icons
 whitelist /usr/share/knotifications5
+whitelist /usr/share/icu
 whitelist /usr/share/kservices5
 whitelist /usr/share/Kvantum
 whitelist /usr/share/kxmlgui5
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index cabc4f619..9e508d043 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2489,7 +2489,7 @@ AppArmor support is disabled by default at compile time. Use --enable-apparmor c
 .br
 $ ./configure --prefix=/usr --enable-apparmor
 .TP
-During software install, a generic AppArmor profile file, firejail-default, is placed in /etc/apparmor.d directory. The local customizations must be placed in /etc/apparmor.d/local/firejail-local. The profile needs to be loaded into the kernel by reloading apparmor.service, rebooting the system or running the following command as root:
+During software install, a generic AppArmor profile file, firejail-default, is placed in /etc/apparmor.d directory. The local customizations must be placed in /etc/apparmor.d/local/firejail-default. The profile needs to be loaded into the kernel by reloading apparmor.service, rebooting the system or running the following command as root:
 .br
 .br
author	netblue30 <netblue30@yahoo.com>	2020-08-07 16:34:17 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-08-07 16:34:17 -0400
commit	30457f8d26843b7729a842b2576b2a3df6daee31 (patch)
tree	5091662d640515046c194243b2d422024c33f2d6
parent	Add appimage fix to electrum.profile (diff)
download	firejail-30457f8d26843b7729a842b2576b2a3df6daee31.tar.gz firejail-30457f8d26843b7729a842b2576b2a3df6daee31.tar.zst firejail-30457f8d26843b7729a842b2576b2a3df6daee31.zip