author | netblue30 <netblue30@yahoo.com> | 2017-07-25 10:03:50 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2017-07-25 10:03:50 -0400 |
commit | 547daec90521bb9ca8e82eb0214355aca876d956 (patch) | |
tree | aa9732849a59125d5e4225414e33d42a3759cbe4 | |
parent | Merge pull request #1402 from topimiettinen/nosuid-noexec-nodev-proc-sys (diff) | |
merges
-rw-r--r-- | README | 2 | ||||
-rw-r--r-- | README.md | 9 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 7 |
4 files changed, 19 insertions, 1 deletions
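--- a/README
+++ b/README
@@ -442,6 +442,8 @@ Tomasz Jan Góralczyk (https://github.com/tjg)
 - fixed Steam profile
 Topi Miettinen (https://github.com/topimiettinen)
 - improve mount handling, fix /run/user handling
+- /proc/sys can be nosuid,noexec,nodev
+- seccomp default list update
 valoq (https://github.com/valoq)
 - lots of profile fixes
 - added support for /srv in --whitelist feature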
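--- a/README.md
+++ b/README.md
@@ -114,6 +114,15 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir
 fox
 `````
 
+## Default seccomp list update
+
+The following syscalls have been added:
+afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read,
+pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write,
+security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian,
+ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted by default.
+
+
 
 ## New profiles:
 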
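--- a/RELNOTES
+++ b/RELNOTES
@@ -2,6 +2,8 @@ firejail (0.9.49) baseline; urgency=low
 * work in progress!
 * feature: per-profile disable-mnt (--disable-mnt)
 * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
+* enhancement: /proc/sys mounting
+* enhancement: default seccomp list update
 * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite,
 * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA,
 * new profiles: Android Studio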
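--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1458,7 +1458,12 @@ remap_file_pages, mbind, get_mempolicy, set_mempolicy,
 migrate_pages, move_pages, vmsplice, chroot,
 tuxcall, reboot, mfsservctl, get_kernel_syms,
 bpf, clock_settime, personality, process_vm_writev, query_module,
-settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old
+settimeofday, stime, umount, userfaultfd, ustat, vm86, vm86old,
+afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read,
+pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write,
+security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian,
+ulimit, vhangup and vserver
+
 .br
 
 .br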