diff options
| author |  rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-03 17:51:17 +0200 |
|---|---|---|
| committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-04-03 17:51:17 +0200 |
| commit | a954cb2162995d6d2530d0f5a45c2c19454dac25 (patch) | |
| tree | 17de900e1c1dcdd97e1980dfb44548e9ec294ad2 | |
| parent | seccomp/join fix (diff) | |
| download | firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.tar.gz firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.tar.zst firejail-a954cb2162995d6d2530d0f5a45c2c19454dac25.zip | |
allow using wruc on any program
@glitsj16 thanks for the pointer that we now have whitelist globbing
| -rw-r--r-- | RELNOTES | 1 | ||||
| -rw-r--r-- | etc/whitelist-runuser-common.inc | 1 |
2 files changed, 2 insertions, 0 deletions
| @@ -4,6 +4,7 @@ firejail (0.9.63) baseline; urgency=low | |||
| 4 | * SELinux labeling support | 4 | * SELinux labeling support |
| 5 | * 32-bit seccomp filter | 5 | * 32-bit seccomp filter |
| 6 | * restrict ${RUNUSER} in serveral profiles | 6 | * restrict ${RUNUSER} in serveral profiles |
| 7 | * whitelist globbing | ||
| 7 | * new condition: HAS_NOSOUND | 8 | * new condition: HAS_NOSOUND |
| 8 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster | 9 | * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster |
| 9 | * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl | 10 | * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl |
diff --git a/etc/whitelist-runuser-common.inc b/etc/whitelist-runuser-common.inc index de59d03d3..9ffd3d5be 100644 --- a/etc/whitelist-runuser-common.inc +++ b/etc/whitelist-runuser-common.inc | |||
| @@ -6,5 +6,6 @@ include whitelist-runuser-common.local | |||
| 6 | whitelist ${RUNUSER}/bus | 6 | whitelist ${RUNUSER}/bus |
| 7 | whitelist ${RUNUSER}/dconf | 7 | whitelist ${RUNUSER}/dconf |
| 8 | whitelist ${RUNUSER}/gdm/Xauthority | 8 | whitelist ${RUNUSER}/gdm/Xauthority |
| 9 | whitelist ${RUNUSER}/.mutter-Xwaylandauth.* | ||
| 9 | whitelist ${RUNUSER}/pulse/native | 10 | whitelist ${RUNUSER}/pulse/native |
| 10 | whitelist ${RUNUSER}/wayland-0 | 11 | whitelist ${RUNUSER}/wayland-0 |