fixes

8 files changed, 21 insertions, 5 deletions

diff --git a/Makefile.in b/Makefile.in
index 34daed387..edcf09225 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -184,6 +184,9 @@ realinstall:
         install -c -m 0644 .etc/xreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/xviewer.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/mcabber.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/corebird.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/konversation.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/psi-plus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
         sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
         rm -fr .etc
diff --git a/README b/README
index dd0c5a5b1..390fbb84f 100644
--- a/README
+++ b/README
@@ -25,6 +25,11 @@ Reiner Herrmann
         - clang-analyzer fixes
         - Debian reproducible build
         - unit testing framework
+KellerFuchs (https://github.com/KellerFuchs)
+        - nonewpriv support
+ValdikSS (https://github.com/ValdikSS)
+        - Psi+, Corebird, Konversation profiles
+        - various profile fixes
 avoidr (https://github.com/avoidr)
         - whitelist fix
         - recently-used.xbel fix
diff --git a/README.md b/README.md
index 6f05a010f..4f90b6f27 100644
--- a/README.md
+++ b/README.md
@@ -290,6 +290,6 @@ $ man firejail-profile
 lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
 OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon, Icedove, abrowser, 0ad, netsurf,
 Warzone2100, okular, gwenview, Gpredict, Aweather, Stellarium, Google-Play-Music-Desktop-Player, quiterss,
-cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber
+cyberfox, generic Ubuntu snap application profile, xplayer, xreader, xviewer, mcabber, Psi+, Corebird, Konversation
 
 
diff --git a/RELNOTES b/RELNOTES
index e87cc9637..b791048e7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -24,7 +24,7 @@ firejail (0.9.40) baseline; urgency=low
   * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
   * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
   * new profiles: generic Ubuntu snap application profile, xplayer
-  * new profiles: xreader, xviewer, mcabber
+  * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation
   * generic.profile renamed default.profile
   * build rpm packages using "make rpms"
   * bugfixes
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 8cf8f165c..eff859cc5 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -98,3 +98,6 @@
 /etc/firejail/xreader.profile
 /etc/firejail/xviewer.profile
 /etc/firejail/mcabber.profile
+/etc/firejail/corebird.profile
+/etc/firejail/konversation.profile
+/etc/firejail/psi-plus.profile
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index 4fdbe1897..3ea8caf5b 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -47,7 +47,7 @@ int checkcfg(int val) {
 
                 FILE *fp = fopen(fname, "r");
                 if (!fp) {
-                        fprintf(stderr, "Error: Firejail configuration file %s not found\n", fname);
+                        fprintf(stderr, "Warning: Firejail configuration file %s not found\n", fname);
                         exit(1);
                 }
                 
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 2f4a78d4b..cda9e788e 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -806,7 +806,7 @@ int main(int argc, char **argv) {
                 }
         }
         
-        // is this a login shell, or a command passed by sshd insert command line options from /etc/firejail/login.users
+        // is this a login shell, or a command passed by sshd, insert command line options from /etc/firejail/login.users
         if (*argv[0] == '-' || parent_sshd) {
                 fullargc = restricted_shell(cfg.username);
                 if (fullargc) {
@@ -825,6 +825,11 @@ int main(int argc, char **argv) {
                 check_user(argc, argv); // the function will not return if --user option was found
         }
         
+        
+        // check for force-nonewprivs in /etc/firejail/firejail.config file
+        if (!option_force && checkcfg(CFG_FORCE_NONEWPRIVS))
+                arg_nonewprivs = 1;
+        
         // parse arguments
         for (i = 1; i < argc; i++) {
                 run_cmd_and_exit(i, argc, argv); // will exit if the command is recognized
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index 6133a610d..843c1efe5 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -750,7 +750,7 @@ int sandbox(void* sandbox_arg) {
         //****************************************
         // Set NO_NEW_PRIVS if desired
         //****************************************
-        if (arg_nonewprivs || checkcfg(CFG_FORCE_NONEWPRIVS)) {
+        if (arg_nonewprivs) {
                 int no_new_privs = prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
 
                 if(no_new_privs != 0)