diff options
author | netblue30 <netblue30@yahoo.com> | 2016-10-23 08:20:22 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-10-23 08:20:22 -0400 |
commit | 4802d8b42393e1128279d43f5ba8dac918ffc1df (patch) | |
tree | 698533e0d2612e4bd02297c5d6680ebaeac2543f | |
parent | 0.9.44 - build rpm (diff) | |
download | firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.tar.gz firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.tar.zst firejail-4802d8b42393e1128279d43f5ba8dac918ffc1df.zip |
starting 0.9.45 devel version
-rw-r--r-- | README.md | 70 | ||||
-rw-r--r-- | RELNOTES | 4 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 |
4 files changed, 15 insertions, 79 deletions
@@ -47,73 +47,5 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is | |||
47 | ````` | 47 | ````` |
48 | 48 | ||
49 | ````` | 49 | ````` |
50 | # Current development version: 0.9.43 | 50 | # Current development version: 0.9.45 |
51 | |||
52 | ## X11 development | ||
53 | ````` | ||
54 | --x11=none | ||
55 | Blacklist /tmp/.X11-unix directory, ${HOME}/.Xauthority and the | ||
56 | file specified in ${XAUTHORITY} environment variable. Remove | ||
57 | DISPLAY and XAUTHORITY environment variables. Stop with error | ||
58 | message if X11 abstract socket will be accessible in jail. | ||
59 | |||
60 | --x11=xorg | ||
61 | Sandbox the application using the untrusted mode implemented by | ||
62 | X11 security extension. The extension is available in Xorg | ||
63 | package and it is installed by default on most Linux distribu‐ | ||
64 | tions. It provides support for a simple trusted/untrusted con‐ | ||
65 | nection model. Untrusted clients are restricted in certain ways | ||
66 | to prevent them from reading window contents of other clients, | ||
67 | stealing input events, etc. | ||
68 | |||
69 | The untrusted mode has several limitations. A lot of regular | ||
70 | programs assume they are a trusted X11 clients and will crash | ||
71 | or lock up when run in untrusted mode. Chromium browser and | ||
72 | xterm are two examples. Firefox and transmission-gtk seem to be | ||
73 | working fine. A network namespace is not required for this | ||
74 | option. | ||
75 | |||
76 | Example: | ||
77 | $ firejail --x11=xorg firefox | ||
78 | ````` | ||
79 | |||
80 | ## Other command line options | ||
81 | ````` | ||
82 | --put=name|pid src-filename dest-filename | ||
83 | Put src-filename in sandbox container. The container is specified by name or PID. | ||
84 | |||
85 | --allusers | ||
86 | All user home directories are visible inside the sandbox. By default, only current user home | ||
87 | directory is visible. | ||
88 | |||
89 | Example: | ||
90 | $ firejail --allusers | ||
91 | |||
92 | --join-or-start=name | ||
93 | Join the sandbox identified by name or start a new one. Same as "firejail --join=name" if | ||
94 | sandbox with specified name exists, otherwise same as "firejail --name=name ..." | ||
95 | Note that in contrary to other join options there is respective profile option. | ||
96 | |||
97 | --no3d Disable 3D hardware acceleration. | ||
98 | |||
99 | Example: | ||
100 | $ firejail --no3d firefox | ||
101 | |||
102 | --veth-name=name | ||
103 | Use this name for the interface connected to the bridge for | ||
104 | --net=bridge_interface commands, instead of the default one. | ||
105 | |||
106 | Example: | ||
107 | $ firejail --net=br0 --veth-name=if0 | ||
108 | |||
109 | ````` | ||
110 | |||
111 | ## New profile commands | ||
112 | |||
113 | x11 xpra, x11 xephyr, x11 none, x11 xorg, allusers, join-or-start | ||
114 | |||
115 | ## New profiles | ||
116 | |||
117 | qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape, feh, ranger, zathura, 7z, keepass, keepassx, | ||
118 | claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot, Flowblade, Eye of GNOME (eog), Evolution | ||
119 | 51 | ||
@@ -1,3 +1,7 @@ | |||
1 | firejail (0.9.45) baseline; urgency=low | ||
2 | * development version, work in progress | ||
3 | -- netblue30 <netblue30@yahoo.com> Sun, 23 Oct 2016 08:00:00 -0500 | ||
4 | |||
1 | firejail (0.9.44) baseline; urgency=low | 5 | firejail (0.9.44) baseline; urgency=low |
2 | * CVE-2016-7545 submitted by Aleksey Manevich | 6 | * CVE-2016-7545 submitted by Aleksey Manevich |
3 | * modifs: removed man firejail-config | 7 | * modifs: removed man firejail-config |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.44. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.45. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.44' | 583 | PACKAGE_VERSION='0.9.45' |
584 | PACKAGE_STRING='firejail 0.9.44' | 584 | PACKAGE_STRING='firejail 0.9.45' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1259,7 +1259,7 @@ if test "$ac_init_help" = "long"; then | |||
1259 | # Omit some internal or obsolete options to make the list less imposing. | 1259 | # Omit some internal or obsolete options to make the list less imposing. |
1260 | # This message is too long to be a string in the A/UX 3.1 sh. | 1260 | # This message is too long to be a string in the A/UX 3.1 sh. |
1261 | cat <<_ACEOF | 1261 | cat <<_ACEOF |
1262 | \`configure' configures firejail 0.9.44 to adapt to many kinds of systems. | 1262 | \`configure' configures firejail 0.9.45 to adapt to many kinds of systems. |
1263 | 1263 | ||
1264 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1264 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1265 | 1265 | ||
@@ -1320,7 +1320,7 @@ fi | |||
1320 | 1320 | ||
1321 | if test -n "$ac_init_help"; then | 1321 | if test -n "$ac_init_help"; then |
1322 | case $ac_init_help in | 1322 | case $ac_init_help in |
1323 | short | recursive ) echo "Configuration of firejail 0.9.44:";; | 1323 | short | recursive ) echo "Configuration of firejail 0.9.45:";; |
1324 | esac | 1324 | esac |
1325 | cat <<\_ACEOF | 1325 | cat <<\_ACEOF |
1326 | 1326 | ||
@@ -1424,7 +1424,7 @@ fi | |||
1424 | test -n "$ac_init_help" && exit $ac_status | 1424 | test -n "$ac_init_help" && exit $ac_status |
1425 | if $ac_init_version; then | 1425 | if $ac_init_version; then |
1426 | cat <<\_ACEOF | 1426 | cat <<\_ACEOF |
1427 | firejail configure 0.9.44 | 1427 | firejail configure 0.9.45 |
1428 | generated by GNU Autoconf 2.69 | 1428 | generated by GNU Autoconf 2.69 |
1429 | 1429 | ||
1430 | Copyright (C) 2012 Free Software Foundation, Inc. | 1430 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1726,7 +1726,7 @@ cat >config.log <<_ACEOF | |||
1726 | This file contains any messages produced by compilers while | 1726 | This file contains any messages produced by compilers while |
1727 | running configure, to aid debugging if configure makes a mistake. | 1727 | running configure, to aid debugging if configure makes a mistake. |
1728 | 1728 | ||
1729 | It was created by firejail $as_me 0.9.44, which was | 1729 | It was created by firejail $as_me 0.9.45, which was |
1730 | generated by GNU Autoconf 2.69. Invocation command line was | 1730 | generated by GNU Autoconf 2.69. Invocation command line was |
1731 | 1731 | ||
1732 | $ $0 $@ | 1732 | $ $0 $@ |
@@ -4303,7 +4303,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4303 | # report actual input values of CONFIG_FILES etc. instead of their | 4303 | # report actual input values of CONFIG_FILES etc. instead of their |
4304 | # values after options handling. | 4304 | # values after options handling. |
4305 | ac_log=" | 4305 | ac_log=" |
4306 | This file was extended by firejail $as_me 0.9.44, which was | 4306 | This file was extended by firejail $as_me 0.9.45, which was |
4307 | generated by GNU Autoconf 2.69. Invocation command line was | 4307 | generated by GNU Autoconf 2.69. Invocation command line was |
4308 | 4308 | ||
4309 | CONFIG_FILES = $CONFIG_FILES | 4309 | CONFIG_FILES = $CONFIG_FILES |
@@ -4357,7 +4357,7 @@ _ACEOF | |||
4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4357 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4358 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4359 | ac_cs_version="\\ | 4359 | ac_cs_version="\\ |
4360 | firejail config.status 0.9.44 | 4360 | firejail config.status 0.9.45 |
4361 | configured by $0, generated by GNU Autoconf 2.69, | 4361 | configured by $0, generated by GNU Autoconf 2.69, |
4362 | with options \\"\$ac_cs_config\\" | 4362 | with options \\"\$ac_cs_config\\" |
4363 | 4363 | ||
diff --git a/configure.ac b/configure.ac index da4b31591..95947a8e3 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.44, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.45, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||