author | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-16 18:51:37 +0200 |
---|---|---|
committer | rusty-snake <41237666+rusty-snake@users.noreply.github.com> | 2020-10-23 11:01:12 +0200 |
commit | 1ebdf894c675925109031b3fbb859478a2ece566 (patch) | |
tree | 6e656ad5d5e4047bcdc078aefbf926e084309589 /RELNOTES | |
parent | 0.9.64 testing (diff) | |
Allow --tmpfs inside $HOME for unprivileged users
--tmpfs was added in 0.9.14 and restricted to root only in 0.9.38
due to priv-esc CVE-2016-10117 (e.g. --tmpfs=/etc and modify
/etc/sudoers). This commit reintroduces it for normal users, if the
realpath of it is inside the user's home.
Diffstat (limited to 'RELNOTES')
-rw-r--r-- | RELNOTES | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -1,3 +1,6 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | ||
2 | * allow --tmpfs inside $HOME for unprivileged users | ||
3 | |||
1 | firejail (0.9.64) baseline; urgency=low | 4 | firejail (0.9.64) baseline; urgency=low |
2 | * replaced --nowrap option with --wrap in firemon | 5 | * replaced --nowrap option with --wrap in firemon |
3 | * The blocking action of seccomp filters has been changed from | 6 | * The blocking action of seccomp filters has been changed from |
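Review bot: the new 0.9.65 entry "* allow --tmpfs inside $HOME for unprivileged users" leaves out the two facts from the commit message that a packager or administrator needs: that the test is on the realpath of the target, and that --tmpfs has been root-only since 0.9.38 because of the privilege escalation CVE-2016-10117. Suggest expanding the entry to something like "allow --tmpfs for unprivileged users when the realpath of the target is inside the user's home (root-only since 0.9.38, CVE-2016-10117)", so that the relaxation of a security restriction is visible in the release notes. The diff shown here is limited to RELNOTES, so the realpath check itself is not visible on this page and has to be reviewed in the commit's other hunks.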