3 files changed, 45 insertions, 4 deletions
diff --git a/README b/README
index 713f5ca3f..99c7b17f0 100644
--- a/README
+++ b/README
@@ -182,6 +182,8 @@ avoidr (https://github.com/avoidr)
        - added mcabber profile
        - fixed mpv profile
        - various other fixes
+Азалия Смарагдова/ChrysoliteAzalea (https://github.com/ChrysoliteAzalea)
+        -  add support for custom AppArmor profiles (--apparmor=)
 backspac (https://github.com/backspac)
        - firecfg fixes
        - add steam-runtime alias
diff --git a/README.md b/README.md
index 5a0991294..30e67bb16 100644
--- a/README.md
+++ b/README.md
@@ -182,6 +182,43 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 Milestone page: https://github.com/netblue30/firejail/milestone/1
+### Restrict namespaces
+`````
+       --restrict-namespaces
+              Install a seccomp filter that  blocks  attempts  to  create  new
+              cgroup, ipc, net, mount, pid, time, user or uts namespaces.
+              Example:
+              $ firejail --restrict-namespaces
+       --restrict-namespaces=cgroup,ipc,net,mnt,pid,time,user,uts
+              Install  a  seccomp filter that blocks attempts to create any of
+              the specified namespaces. The filter examines the  arguments  of
+              clone, unshare and setns system calls and returns error EPERM to
+              the process (or kills it or logs the attempt, see  --seccomp-er‐
+              ror-action below) if necessary. Note that the filter is not able
+              to examine the arguments of clone3 system calls, and always  re‐
+              sponds to these calls with error ENOSYS.
+              Example:
+              $ firejail --restrict-namespaces=user,net
+`````
+#### Support for custom AppArmor profiles
+`````
+      --apparmor
+              Enable AppArmor confinement with the "firejail-default" AppArmor
+              profile.   For more information, please see APPARMOR section be‐
+              low.
+       --apparmor=profile_name
+              Enable AppArmor confinement  with  a  custom  AppArmor  profile.
+              Note  that  profile  in question must already be loaded into the
+              kernel.  For more information, please see APPARMOR  section  be‐
+`````
 ### Profile Statistics
 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
diff --git a/RELNOTES b/RELNOTES
index 84406e5d4..63da0ae5d 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,13 +1,15 @@
 firejail (0.9.71) baseline; urgency=low
  * work in progress
-  * feat: On failing to remount a fuse filesystem, give warning instead of
+  * feature: restrict namespaces (--restrict-namespaces) inplemented as
-  * erroring out (#5240 #5242)
+    a seccomp filter for both 64 and 32 bit architectures
-  * build: deduplicate configure-time vars into new config files (#5140 #5284)
+  * feature: On failing to remount a fuse filesystem, give warning instead of
+    erroring out (#5240 #5242)
+  * feature: support for custom AppArmor profiles (--apparmor=) (#5274)
+  * build: deduplicate configure-time vars into new config files (#5140)
  * build: fix file mode of shell scripts (644 -> 755) (#5206)
  * build: reduce autoconf input files from 32 to 2 (#5219)
  * build: add dist build directory to .gitignore (#5248)
  * build: add autoconf auto-generation comment to input files (#5251)
-  * build: Add files make uninstall forgot to remove (#5283)
  * ci: ignore git-related paths and the project license (#5249)
 -- netblue30 <netblue30@yahoo.com>  Sat, 11 Jun 2022 09:00:00 -0500

diff --git a/README b/README index 713f5ca3f..99c7b17f0 100644 --- a/README +++ b/README
@@ -182,6 +182,8 @@ avoidr (https://github.com/avoidr)
182	- added mcabber profile	182	- added mcabber profile
183	- fixed mpv profile	183	- fixed mpv profile
184	- various other fixes	184	- various other fixes
		185	Азалия Смарагдова/ChrysoliteAzalea (https://github.com/ChrysoliteAzalea)
		186	- add support for custom AppArmor profiles (--apparmor=)
185	backspac (https://github.com/backspac)	187	backspac (https://github.com/backspac)
186	- firecfg fixes	188	- firecfg fixes
187	- add steam-runtime alias	189	- add steam-runtime alias


diff --git a/README.md b/README.md index 5a0991294..30e67bb16 100644 --- a/README.md +++ b/README.md
@@ -182,6 +182,43 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
182		182
183	Milestone page: https://github.com/netblue30/firejail/milestone/1	183	Milestone page: https://github.com/netblue30/firejail/milestone/1
184		184
		185	### Restrict namespaces
		186
		187	`````
		188	--restrict-namespaces
		189	Install a seccomp filter that blocks attempts to create new
		190	cgroup, ipc, net, mount, pid, time, user or uts namespaces.
		191
		192	Example:
		193	$ firejail --restrict-namespaces
		194
		195	--restrict-namespaces=cgroup,ipc,net,mnt,pid,time,user,uts
		196	Install a seccomp filter that blocks attempts to create any of
		197	the specified namespaces. The filter examines the arguments of
		198	clone, unshare and setns system calls and returns error EPERM to
		199	the process (or kills it or logs the attempt, see --seccomp-er‐
		200	ror-action below) if necessary. Note that the filter is not able
		201	to examine the arguments of clone3 system calls, and always re‐
		202	sponds to these calls with error ENOSYS.
		203
		204	Example:
		205	$ firejail --restrict-namespaces=user,net
		206	`````
		207
		208	#### Support for custom AppArmor profiles
		209
		210	`````
		211	--apparmor
		212	Enable AppArmor confinement with the "firejail-default" AppArmor
		213	profile. For more information, please see APPARMOR section be‐
		214	low.
		215
		216	--apparmor=profile_name
		217	Enable AppArmor confinement with a custom AppArmor profile.
		218	Note that profile in question must already be loaded into the
		219	kernel. For more information, please see APPARMOR section be‐
		220	`````
		221
185	### Profile Statistics	222	### Profile Statistics
186		223
187	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.	224	A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.


diff --git a/RELNOTES b/RELNOTES index 84406e5d4..63da0ae5d 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,13 +1,15 @@
1	firejail (0.9.71) baseline; urgency=low	1	firejail (0.9.71) baseline; urgency=low
2	* work in progress	2	* work in progress
3	* feat: On failing to remount a fuse filesystem, give warning instead of	3	* feature: restrict namespaces (--restrict-namespaces) inplemented as
4	* erroring out (#5240 #5242)	4	a seccomp filter for both 64 and 32 bit architectures
5	* build: deduplicate configure-time vars into new config files (#5140 #5284)	5	* feature: On failing to remount a fuse filesystem, give warning instead of
		6	erroring out (#5240 #5242)
		7	* feature: support for custom AppArmor profiles (--apparmor=) (#5274)
		8	* build: deduplicate configure-time vars into new config files (#5140)
6	* build: fix file mode of shell scripts (644 -> 755) (#5206)	9	* build: fix file mode of shell scripts (644 -> 755) (#5206)
7	* build: reduce autoconf input files from 32 to 2 (#5219)	10	* build: reduce autoconf input files from 32 to 2 (#5219)
8	* build: add dist build directory to .gitignore (#5248)	11	* build: add dist build directory to .gitignore (#5248)
9	* build: add autoconf auto-generation comment to input files (#5251)	12	* build: add autoconf auto-generation comment to input files (#5251)
10	* build: Add files make uninstall forgot to remove (#5283)
11	* ci: ignore git-related paths and the project license (#5249)	13	* ci: ignore git-related paths and the project license (#5249)
12	-- netblue30 <netblue30@yahoo.com> Sat, 11 Jun 2022 09:00:00 -0500	14	-- netblue30 <netblue30@yahoo.com> Sat, 11 Jun 2022 09:00:00 -0500
13		15