diff options
| -rw-r--r-- | RELNOTES | 4 | ||||
| -rw-r--r-- | etc/disable-common.inc | 1 | ||||
| -rw-r--r-- | etc/disable-programs.inc | 1 | ||||
| -rw-r--r-- | etc/whitelist-common.inc | 1 | ||||
| -rwxr-xr-x | test/filters/noroot.exp | 1 | ||||
| -rwxr-xr-x | test/filters/seccomp-su.exp | 6 |
6 files changed, 10 insertions, 4 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | firejail (0.9.40-rc1) baseline; urgency=low | 1 | firejail (0.9.40) baseline; urgency=low |
| 2 | * added --nice option | 2 | * added --nice option |
| 3 | * added --x11 option | 3 | * added --x11 option |
| 4 | * added --x11=xpra option | 4 | * added --x11=xpra option |
| @@ -28,7 +28,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
| 28 | * generic.profile renamed default.profile | 28 | * generic.profile renamed default.profile |
| 29 | * build rpm packages using "make rpms" | 29 | * build rpm packages using "make rpms" |
| 30 | * bugfixes | 30 | * bugfixes |
| 31 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 31 | -- netblue30 <netblue30@yahoo.com> Wed, 25 May 2016 08:00:00 -0500 |
| 32 | 32 | ||
| 33 | firejail (0.9.38) baseline; urgency=low | 33 | firejail (0.9.38) baseline; urgency=low |
| 34 | * IPv6 support (--ip6 and --netfilter6) | 34 | * IPv6 support (--ip6 and --netfilter6) |
diff --git a/etc/disable-common.inc b/etc/disable-common.inc index 479f32cb1..a61f1b210 100644 --- a/etc/disable-common.inc +++ b/etc/disable-common.inc | |||
| @@ -93,6 +93,7 @@ read-only ${HOME}/bin | |||
| 93 | 93 | ||
| 94 | # top secret | 94 | # top secret |
| 95 | blacklist ${HOME}/.ssh | 95 | blacklist ${HOME}/.ssh |
| 96 | blacklist ${HOME}/.cert | ||
| 96 | blacklist ${HOME}/.gnome2/keyrings | 97 | blacklist ${HOME}/.gnome2/keyrings |
| 97 | blacklist ${HOME}/kde4/share/apps/kwallet | 98 | blacklist ${HOME}/kde4/share/apps/kwallet |
| 98 | blacklist ${HOME}/kde/share/apps/kwallet | 99 | blacklist ${HOME}/kde/share/apps/kwallet |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 307ccaf6c..3474a6592 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
| @@ -112,3 +112,4 @@ blacklist ${HOME}/.local/share/wesnoth | |||
| 112 | blacklist ${HOME}/.local/share/0ad | 112 | blacklist ${HOME}/.local/share/0ad |
| 113 | blacklist ${HOME}/.local/share/xplayer | 113 | blacklist ${HOME}/.local/share/xplayer |
| 114 | blacklist ${HOME}/.local/share/totem | 114 | blacklist ${HOME}/.local/share/totem |
| 115 | blacklist ${HOME}/.local/share/psi+ | ||
diff --git a/etc/whitelist-common.inc b/etc/whitelist-common.inc index 9d5ef3d96..b3a1a1d30 100644 --- a/etc/whitelist-common.inc +++ b/etc/whitelist-common.inc | |||
| @@ -1,5 +1,6 @@ | |||
| 1 | # common whitelist for all profiles | 1 | # common whitelist for all profiles |
| 2 | 2 | ||
| 3 | whitelist ~/.XCompose | ||
| 3 | whitelist ~/.config/mimeapps.list | 4 | whitelist ~/.config/mimeapps.list |
| 4 | whitelist ~/.icons | 5 | whitelist ~/.icons |
| 5 | whitelist ~/.config/user-dirs.dirs | 6 | whitelist ~/.config/user-dirs.dirs |
diff --git a/test/filters/noroot.exp b/test/filters/noroot.exp index bbd2291c8..1e08cee12 100755 --- a/test/filters/noroot.exp +++ b/test/filters/noroot.exp | |||
| @@ -49,6 +49,7 @@ expect { | |||
| 49 | timeout {puts "TESTING ERROR 8\n";exit} | 49 | timeout {puts "TESTING ERROR 8\n";exit} |
| 50 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} | 50 | "effective uid is not 0, is sudo installed setuid root?" { puts "OK\n";} |
| 51 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} | 51 | "sudo must be owned by uid 0 and have the setuid bit set" { puts "OK\n";} |
| 52 | "Bad system call" { puts "OK\n";} | ||
| 52 | } | 53 | } |
| 53 | send -- "cat /proc/self/uid_map | wc -l\r" | 54 | send -- "cat /proc/self/uid_map | wc -l\r" |
| 54 | expect { | 55 | expect { |
diff --git a/test/filters/seccomp-su.exp b/test/filters/seccomp-su.exp index 003f3df99..e2ab050bf 100755 --- a/test/filters/seccomp-su.exp +++ b/test/filters/seccomp-su.exp | |||
| @@ -17,13 +17,15 @@ sleep 2 | |||
| 17 | send -- "sudo su -\r" | 17 | send -- "sudo su -\r" |
| 18 | expect { | 18 | expect { |
| 19 | timeout {puts "TESTING ERROR 1\n";exit} | 19 | timeout {puts "TESTING ERROR 1\n";exit} |
| 20 | "effective uid is not 0" | 20 | "effective uid is not 0" {puts "OK\n"} |
| 21 | "Bad system call" {puts "OK\n"} | ||
| 21 | } | 22 | } |
| 22 | 23 | ||
| 23 | send -- "sudo ls\r" | 24 | send -- "sudo ls\r" |
| 24 | expect { | 25 | expect { |
| 25 | timeout {puts "TESTING ERROR 2\n";exit} | 26 | timeout {puts "TESTING ERROR 2\n";exit} |
| 26 | "effective uid is not 0" | 27 | "effective uid is not 0" {puts "OK\n"} |
| 28 | "Bad system call" {puts "OK\n"} | ||
| 27 | } | 29 | } |
| 28 | 30 | ||
| 29 | send -- "ping google.com\r" | 31 | send -- "ping google.com\r" |