0.9.38 released0.9.38

4 files changed, 42 insertions, 97 deletions

diff --git a/README.md b/README.md
index 812ad4008..3addca694 100644
--- a/README.md
+++ b/README.md
@@ -32,96 +32,5 @@ Documentation: https://firejail.wordpress.com/documentation-2/
 
 FAQ: https://firejail.wordpress.com/support/frequently-asked-questions/
 
-# Current development version: 0.9.37
-
-## Symlink invocation
-
-This is a small thing, but very convenient. Make a symbolic link (ln -s) to /usr/bin/firejail under
-the name of the program you want to run, and put the link in the first $PATH position (for
-example in /usr/local/bin). Example:
-`````
-$ which -a transmission-gtk 
-/usr/bin/transmission-gtk
-
-$ sudo ln -s /usr/bin/firejail /usr/local/bin/transmission-gtk
-
-$ which -a transmission-gtk 
-/usr/local/bin/transmission-gtk
-/usr/bin/transmission-gtk
-`````
-We have in this moment two entries in $PATH for transmission. The first one is a symlink to firejail.
-The second one is the real program. Starting transmission in this moment, invokes "firejail transmission-gtk"
-`````
-$ transmission-gtk
-Redirecting symlink to /usr/bin/transmission-gtk
-Reading profile /etc/firejail/transmission-gtk.profile
-Reading profile /etc/firejail/disable-mgmt.inc
-Reading profile /etc/firejail/disable-secret.inc
-Reading profile /etc/firejail/disable-common.inc
-Reading profile /etc/firejail/disable-devel.inc
-Parent pid 19343, child pid 19344
-Blacklist violations are logged to syslog
-Child process initialized
-`````
-
-
-## IPv6 support:
-`````
-      --ip6=address
-              Assign IPv6 addresses to the last network interface defined by a
-              --net option.
-
-              Example:
-              $ firejail --net=eth0 --ip6=2001:0db8:0:f101::1/64 firefox
-
-       --netfilter6=filename
-              Enable the IPv6 network filter specified by filename in the  new
-              network  namespace.  The  filter  file  format  is the format of
-              ip6tables-save  and  ip6table-restore  commands.   New   network
-              namespaces  are  created  using  --net  option. If a new network
-              namespaces is not created, --netfilter6 option does nothing.
-
-`````
-
-## join command enhancements
-
-`````
-       --join-filesystem=name
-              Join the mount namespace of the sandbox identified by  name.  By
-              default  a /bin/bash shell is started after joining the sandbox.
-              If a program is specified, the program is run  in  the  sandbox.
-              This  command is available only to root user.  Security filters,
-              cgroups and cpus configurations are not applied to  the  process
-              joining the sandbox.
-
-       --join-filesystem=pid
-              Join  the  mount  namespace of the sandbox identified by process
-              ID. By default a /bin/bash shell is started  after  joining  the
-              sandbox.   If  a program is specified, the program is run in the
-              sandbox. This command is available only to root user.   Security
-              filters,  cgroups and cpus configurations are not applied to the
-              process joining the sandbox.
-
-      --join-network=name
-              Join the network namespace of the sandbox identified by name. By
-              default  a /bin/bash shell is started after joining the sandbox.
-              If a program is specified, the program is run  in  the  sandbox.
-              This  command is available only to root user.  Security filters,
-              cgroups and cpus configurations are not applied to  the  process
-              joining the sandbox.
-
-       --join-network=pid
-              Join  the network namespace of the sandbox identified by process
-              ID. By default a /bin/bash shell is started  after  joining  the
-              sandbox.   If  a program is specified, the program is run in the
-              sandbox. This command is available only to root user.   Security
-              filters,  cgroups and cpus configurations are not applied to the
-              process joining the sandbox.
-
-`````
-
-
-## New profiles: KMail
-
-
+# Current development version: 0.9.39
 
diff --git a/RELNOTES b/RELNOTES
index 4dd5e1b50..979f359bd 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -14,7 +14,7 @@ firejail (0.9.38) baseline; urgency=low
   * --tmpfs option allowed only running as root
   * added --private-tmp option
   * bugfixes
- -- netblue30 <netblue30@yahoo.com>  Mon, 2 Feb 2016 10:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Tue, 2 Feb 2016 10:00:00 -0500
 
 firejail (0.9.36) baseline; urgency=low
   * added  unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat,
diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh
index 5775783af..99f7a536c 100755
--- a/platform/rpm/old-mkrpm.sh
+++ b/platform/rpm/old-mkrpm.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-VERSION="0.9.36"
+VERSION="0.9.38"
 rm -fr ~/rpmbuild
 rm -f firejail-$VERSION-1.x86_64.rpm
 
@@ -83,7 +83,6 @@ install -m 644 /etc/firejail/google-chrome-beta.profile firejail-$VERSION/etc/fi
 install -m 644 /etc/firejail/google-chrome-stable.profile firejail-$VERSION/etc/firejail/google-chrome-stable.profile
 install -m 644 /etc/firejail/google-chrome-unstable.profile firejail-$VERSION/etc/firejail/google-chrome-unstable.profile
 install -m 644 /etc/firejail/hexchat.profile firejail-$VERSION/etc/firejail/hexchat.profile
-install -m 644 /etc/firejail/konqueror.profile firejail-$VERSION/etc/firejail/konqueror.profile
 install -m 644 /etc/firejail/nolocal.net firejail-$VERSION/etc/firejail/nolocal.net
 install -m 644 /etc/firejail/opera-beta.profile firejail-$VERSION/etc/firejail/opera-beta.profile
 install -m 644 /etc/firejail/parole.profile firejail-$VERSION/etc/firejail/parole.profile
@@ -94,6 +93,16 @@ install -m 644 /etc/firejail/weechat-curses.profile firejail-$VERSION/etc/fireja
 install -m 644 /etc/firejail/weechat.profile firejail-$VERSION/etc/firejail/weechat.profile
 install -m 644 /etc/firejail/whitelist-common.inc firejail-$VERSION/etc/firejail/whitelist-common.inc
 
+install -m 644 /etc/firejail/kmail.profile firejail-$VERSION/etc/firejail/kmail.profile
+install -m 644 /etc/firejail/seamonkey.profile firejail-$VERSION/etc/firejail/seamonkey.profile
+install -m 644 /etc/firejail/seamonkey-bin.profile firejail-$VERSION/etc/firejail/seamonkey-bin.profile
+install -m 644 /etc/firejail/telegram.profile firejail-$VERSION/etc/firejail/telegram.profile
+install -m 644 /etc/firejail/mathematica.profile firejail-$VERSION/etc/firejail/mathematica.profile
+install -m 644 /etc/firejail/Mathematica.profile firejail-$VERSION/etc/firejail/Mathematica.profile
+install -m 644 /etc/firejail/uget-gtk.profile firejail-$VERSION/etc/firejail/uget-gtk.profile
+install -m 644 /etc/firejail/mupen64plus.profile firejail-$VERSION/etc/firejail/mupen64plus.profile
+
+
 mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
 install -m 644 /usr/share/bash-completion/completions/firejail  firejail-$VERSION/usr/share/bash-completion/completions/.
 install -m 644 /usr/share/bash-completion/completions/firemon  firejail-$VERSION/usr/share/bash-completion/completions/.
@@ -189,7 +198,6 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/%{name}/google-chrome-stable.profile
 %config(noreplace) %{_sysconfdir}/%{name}/google-chrome-unstable.profile
 %config(noreplace) %{_sysconfdir}/%{name}/hexchat.profile
-%config(noreplace) %{_sysconfdir}/%{name}/konqueror.profile
 %config(noreplace) %{_sysconfdir}/%{name}/nolocal.net
 %config(noreplace) %{_sysconfdir}/%{name}/opera-beta.profile
 %config(noreplace) %{_sysconfdir}/%{name}/parole.profile
@@ -199,6 +207,14 @@ rm -rf %{buildroot}
 %config(noreplace) %{_sysconfdir}/%{name}/weechat-curses.profile
 %config(noreplace) %{_sysconfdir}/%{name}/weechat.profile
 %config(noreplace) %{_sysconfdir}/%{name}/whitelist-common.inc
+%config(noreplace) %{_sysconfdir}/%{name}/kmail.profile
+%config(noreplace) %{_sysconfdir}/%{name}/seamonkey.profile
+%config(noreplace) %{_sysconfdir}/%{name}/seamonkey-bin.profile
+%config(noreplace) %{_sysconfdir}/%{name}/telegram.profile
+%config(noreplace) %{_sysconfdir}/%{name}/mathematica.profile
+%config(noreplace) %{_sysconfdir}/%{name}/Mathematica.profile
+%config(noreplace) %{_sysconfdir}/%{name}/uget-gtk.profile
+%config(noreplace) %{_sysconfdir}/%{name}/mupen64plus.profile
 
 /usr/bin/firejail
 /usr/bin/firemon
@@ -220,6 +236,23 @@ rm -rf %{buildroot}
 chmod u+s /usr/bin/firejail
 
 %changelog
+* Wed Feb 3 2016  netblue30 <netblue30@yahoo.com> 0.9.38-1
+ - IPv6 support (--ip6 and --netfilter6)
+ - --join command enhancement (--join-network, --join-filesystem)
+ - added --user command
+ - added --disable-network and --disable-userns compile time flags
+ - Centos 6 support
+ - symlink invocation
+ - added KMail, Seamonkey, Telegram, Mathematica, uGet,
+     and mupen64plus profiles
+ -  --chroot in user mode allowed only if seccomp support is available
+     in current Linux kernel
+ - deprecated --private-home feature
+ - the first protocol list installed takes precedence
+ - --tmpfs option allowed only running as root
+ - added --private-tmp option
+ - bugfixes
+
 * Thu Dec 24 2015 netblue30 <netblue30@yahoo.com> 0.9.36-1
  - added  unbound, dnscrypt-proxy, BitlBee, HexChat profiles
  - added WeeChat, parole and rtorrent profiles
diff --git a/test/features/features.txt b/test/features/features.txt
index 0b1634669..4d8821a92 100644
--- a/test/features/features.txt
+++ b/test/features/features.txt
@@ -43,16 +43,19 @@ C - chroot filesystem
 3.2 read-only
 3.3 blacklist
 3.4 whitelist home
+        - N braking on Fedora
 3.5 private-dev
         - O, C - somehow /dev/log is missing
+        - N - problems on Debian wheezy 32-bit, Fedora
 3.6 private-etc
         - O not working - todo
 3.7 private-tmp
 3.8 private-bin
         - O, C not working - todo
 3.9 whitelist dev
+        - N not working on Debian wheezy (32-bit and 64-bit) - todo
 3.10 whitelist tmp
-        - O not working on Arch Linux
+        - O not working on Arch Linux - todo