6 files changed, 29 insertions, 18 deletions

diff --git a/README b/README
index 206655487..f8f73ff1a 100644
--- a/README
+++ b/README
@@ -2,14 +2,17 @@ Firejail  is  a  SUID sandbox program that reduces the risk of security
 breaches by restricting the running environment of  untrusted  applications
 using Linux namespaces and seccomp-bpf. It includes sandbox profiles for
 Iceweasel/Mozilla Firefox, Chromium, Midori, Opera, Evince, Transmission,
-VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge and qBittorrent.
+VLC, Audoacious, Clementine, Rhythmbox, Totem, Deluge, qBittorrent.
+DeaDBeeF, Dropbox, Empathy, FileZilla, IceCat, Thunderbird/Icedove,
+Pidgin, Quassel and XChat.
 
 Firejail also expands the restricted shell facility found  in  bash  by adding 
 Linux  namespace support. It supports sandboxing specific users upon login.
 
 Download: http://sourceforge.net/projects/firejail/files/
 Build and install: ./configure && make && sudo make install
-Documentation and support: http://firejail.sourceforge.net
+Documentation and support: https://l3net.wordpress.com/projects/firejail/
+Development: https://github.com/netblue30/firejail
 License: GPL v2
 
 Firejail Authors:
@@ -30,8 +33,6 @@ Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/)
 Reiner Herrmann - a number of build patches, man page fixes, Debian integration
 sshirokov (http://sourceforge.net/u/yshirokov/profile/)
         - Patch to output "Reading profile" to stderr instead of stdout
-Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
-        - src/lib/libnetlink.c extracted from iproute2 software package
 G4JC (http://sourceforge.net/u/gaming4jc/profile/)
         - ARM support
 dewbasaur (https://github.com/dewbasaur)
@@ -43,5 +44,7 @@ mjudtmann (https://github.com/mjudtmann)
         - lock firejail configuration in disable-mgmt.inc
 iiotx (https://github.com/iiotx)
         - use generci.profile by default
+Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
+        - src/lib/libnetlink.c extracted from iproute2 software package
         
 Copyright (C) 2014, 2015 Firejail Authors
diff --git a/RELNOTES b/RELNOTES
index b2a63e400..811f2c5cf 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,17 +1,19 @@
-firejail (0.9.29) baseline; urgency=low
+firejail (0.9.30-rc1) baseline; urgency=low
   * added a disable-history.inc profile as a result of Firefox PDF.js exploit;
     disable-history.inc included in all default profiles
   * Firefox PDF.js exploit (CVE-2015-4495) fixes
   * added --private-etc option
   * added --env option
+  * added --whitelist option
   * support ${HOME} token in include directive in profile files
   * --private.keep is transitioned to --private-home
   * support ~ and blanks in blacklist option
   * support "net none" command in profile files
   * using /etc/firejail/generic.profile by default for user sessions
   * using /etc/firejail/server.profile by default for root sessions
+  * added build --enable-fatal-warnings configure option
   * bugfixes
- -- netblue30 <netblue30@yahoo.com>  Mon, 24 Aug 2015 20:25:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Wed, 9 Sept 2015 08:00:00 -0500
 
 firejail (0.9.28) baseline; urgency=low
   * network scanning, --scan option
diff --git a/configure b/configure
index 1b8f6728c..c15e4c9aa 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.29-github.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.30-rc1.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.29-github'
-PACKAGE_STRING='firejail 0.9.29-github'
+PACKAGE_VERSION='0.9.30-rc1'
+PACKAGE_STRING='firejail 0.9.30-rc1'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://firejail.sourceforge.net'
 
@@ -1238,7 +1238,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures firejail 0.9.29-github to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.30-rc1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1299,7 +1299,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.29-github:";;
+     short | recursive ) echo "Configuration of firejail 0.9.30-rc1:";;
    esac
   cat <<\_ACEOF
 
@@ -1389,7 +1389,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-firejail configure 0.9.29-github
+firejail configure 0.9.30-rc1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1691,7 +1691,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.29-github, which was
+It was created by firejail $as_me 0.9.30-rc1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4102,7 +4102,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.29-github, which was
+This file was extended by firejail $as_me 0.9.30-rc1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4156,7 +4156,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.29-github
+firejail config.status 0.9.30-rc1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 3fa0c933b..5e3f44bed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.29-github, netblue30@yahoo.com, , http://firejail.sourceforge.net)
+AC_INIT(firejail, 0.9.30-rc1, netblue30@yahoo.com, , http://firejail.sourceforge.net)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index 116bd404a..aa8144a40 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -368,6 +368,7 @@ void env_store(const char *str);
 void env_apply(void);
 
 // fs_whitelist.c
+void fs_whitelist(void);
 
 #endif
 
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt
index 1473c5889..470cade7e 100644
--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -10,7 +10,7 @@ firejail \-\-profile=filename.profile
 Several command line options can be passed to the program using
 profile files. Firejail chooses the profile file as follows:
 
-1. If a profile file is provided by the user with --profile option, the profile file is loaded.
+1. If a profile file is provided by the user with \-\-profile option, the profile file is loaded.
 Example:
 .PP
 .RS
@@ -120,7 +120,7 @@ Remove ifconfig command from the regular path directories.
 \f\blacklist ${HOME}/.ssh
 Remove .ssh directory from user home directory.
 .TP
-\f\ noblacklist ${HOME}/config/evince
+\f\noblacklist ${HOME}/config/evince
 Prevent any new blacklist commands from blacklisting
 config/evince in the user home directory. Useful for defining
 exceptions before including a large blacklist from a file. Note
@@ -149,6 +149,11 @@ Create a new /dev directory. Only null, full, zero, tty, pts, ptmx, random, uran
 Build a new /etc in a temporary
 filesystem, and copy the files and directories in the list.
 All modifications are discarded when the sandbox is closed.
+.TP
+\f\whitelist file_or_directory
+Build a new user home in a temporary filesystem, and mount-bind file_or_directory.
+The modifications to file_or_directory are persistent, everything else is discarded
+when the sandbox is closed.
 
 .SH Filters
 \fBcaps\fR and \fBseccomp\fR enable Linux capabilities and seccomp filters. Examples: