diff options
-rw-r--r-- | RELNOTES | 5 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | platform/debian/control | 2 | ||||
-rwxr-xr-x | platform/rpm/old-mkrpm.sh | 48 | ||||
-rw-r--r-- | src/firejail/x11.c | 2 | ||||
-rw-r--r-- | src/man/firecfg.txt | 12 |
6 files changed, 56 insertions, 14 deletions
@@ -1,5 +1,4 @@ | |||
1 | firejail (0.9.46-rc1) baseline; urgency=low | 1 | firejail (0.9.46) baseline; urgency=low |
2 | * development version, work in progress | ||
3 | * security: split most of networking code in a separate executable | 2 | * security: split most of networking code in a separate executable |
4 | * security: split seccomp filter code configuration in a separate executable | 3 | * security: split seccomp filter code configuration in a separate executable |
5 | * security: split file copying in private option in a separate executable | 4 | * security: split file copying in private option in a separate executable |
@@ -53,7 +52,7 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
53 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr | 52 | * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr |
54 | * new profiles: Blender, 2048-qt | 53 | * new profiles: Blender, 2048-qt |
55 | * bugfixes | 54 | * bugfixes |
56 | -- netblue30 <netblue30@yahoo.com> Fri, 7 Apr 2017 08:00:00 -0500 | 55 | -- netblue30 <netblue30@yahoo.com> Sun, 14 May 2017 08:00:00 -0500 |
57 | 56 | ||
58 | firejail (0.9.44.10) baseline; urgency=low | 57 | firejail (0.9.44.10) baseline; urgency=low |
59 | * security: when using --x11=xorg and --net, incorrect processing of | 58 | * security: when using --x11=xorg and --net, incorrect processing of |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index b9eadb9fc..965f18501 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -301,4 +301,3 @@ | |||
301 | /etc/firejail/blender.profile | 301 | /etc/firejail/blender.profile |
302 | /etc/firejail/2048-qt.profile | 302 | /etc/firejail/2048-qt.profile |
303 | /etc/firejail/gimp-2.8.profile | 303 | /etc/firejail/gimp-2.8.profile |
304 | |||
diff --git a/platform/debian/control b/platform/debian/control index 4287d6561..4161cbfb2 100644 --- a/platform/debian/control +++ b/platform/debian/control | |||
@@ -2,7 +2,7 @@ Package: firejail | |||
2 | Version: FIREJAILVER-1 | 2 | Version: FIREJAILVER-1 |
3 | Architecture: amd64 | 3 | Architecture: amd64 |
4 | Maintainer: netblue30 <netblue30@yahoo.com> | 4 | Maintainer: netblue30 <netblue30@yahoo.com> |
5 | Installed-Size: 272 | 5 | Installed-Size: 2024 |
6 | Depends: libc6 | 6 | Depends: libc6 |
7 | Suggests: python, python3 | 7 | Suggests: python, python3 |
8 | Section: admin | 8 | Section: admin |
diff --git a/platform/rpm/old-mkrpm.sh b/platform/rpm/old-mkrpm.sh index 46a2c613d..78e93507c 100755 --- a/platform/rpm/old-mkrpm.sh +++ b/platform/rpm/old-mkrpm.sh | |||
@@ -1,5 +1,5 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | VERSION="0.9.46~rc1" | 2 | VERSION="0.9.46" |
3 | rm -fr ~/rpmbuild | 3 | rm -fr ~/rpmbuild |
4 | rm -f firejail-$VERSION-1.x86_64.rpm | 4 | rm -f firejail-$VERSION-1.x86_64.rpm |
5 | 5 | ||
@@ -366,6 +366,50 @@ rm -rf %{buildroot} | |||
366 | %{_sysconfdir}/%{name}/xonotic.profile | 366 | %{_sysconfdir}/%{name}/xonotic.profile |
367 | %{_sysconfdir}/%{name}/xpra.profile | 367 | %{_sysconfdir}/%{name}/xpra.profile |
368 | %{_sysconfdir}/%{name}/zoom.profile | 368 | %{_sysconfdir}/%{name}/zoom.profile |
369 | %{_sysconfdir}/%{name}/2048-qt.profile | ||
370 | %{_sysconfdir}/%{name}/Xephyr.profile | ||
371 | %{_sysconfdir}/%{name}/Xvfb.profile | ||
372 | %{_sysconfdir}/%{name}/akregator.profile | ||
373 | %{_sysconfdir}/%{name}/arduino.profile | ||
374 | %{_sysconfdir}/%{name}/baloo_file.profile | ||
375 | %{_sysconfdir}/%{name}/bibletime.profile | ||
376 | %{_sysconfdir}/%{name}/blender.profile | ||
377 | %{_sysconfdir}/%{name}/caja.profile | ||
378 | %{_sysconfdir}/%{name}/clipit.profile | ||
379 | %{_sysconfdir}/%{name}/dia.profile | ||
380 | %{_sysconfdir}/%{name}/dino.profile | ||
381 | %{_sysconfdir}/%{name}/fontforge.profile | ||
382 | %{_sysconfdir}/%{name}/galculator.profile | ||
383 | %{_sysconfdir}/%{name}/geany.profile | ||
384 | %{_sysconfdir}/%{name}/gimp-2.8.profile | ||
385 | %{_sysconfdir}/%{name}/globaltime.profile | ||
386 | %{_sysconfdir}/%{name}/gnome-font-viewer.profile | ||
387 | %{_sysconfdir}/%{name}/gucharmap.profile | ||
388 | %{_sysconfdir}/%{name}/hugin.profile | ||
389 | %{_sysconfdir}/%{name}/kcalc.profile | ||
390 | %{_sysconfdir}/%{name}/knotes.profile | ||
391 | %{_sysconfdir}/%{name}/kodi.profile | ||
392 | %{_sysconfdir}/%{name}/ktorrent.profile | ||
393 | %{_sysconfdir}/%{name}/leafpad.profile | ||
394 | %{_sysconfdir}/%{name}/lximage-qt.profile | ||
395 | %{_sysconfdir}/%{name}/lxmusic.profile | ||
396 | %{_sysconfdir}/%{name}/mate-calc.profile | ||
397 | %{_sysconfdir}/%{name}/mate-calculator.profile | ||
398 | %{_sysconfdir}/%{name}/mate-color-select.profile | ||
399 | %{_sysconfdir}/%{name}/mate-dictionary.profile | ||
400 | %{_sysconfdir}/%{name}/meld.profile | ||
401 | %{_sysconfdir}/%{name}/nemo.profile | ||
402 | %{_sysconfdir}/%{name}/nylas.profile | ||
403 | %{_sysconfdir}/%{name}/orage.profile | ||
404 | %{_sysconfdir}/%{name}/pcmanfm.profile | ||
405 | %{_sysconfdir}/%{name}/qlipper.profile | ||
406 | %{_sysconfdir}/%{name}/ristretto.profile | ||
407 | %{_sysconfdir}/%{name}/viewnior.profile | ||
408 | %{_sysconfdir}/%{name}/viking.profile | ||
409 | %{_sysconfdir}/%{name}/xfce4-dict.profile | ||
410 | %{_sysconfdir}/%{name}/xfce4-notes.profile | ||
411 | %{_sysconfdir}/%{name}/youtube-dl.profile | ||
412 | |||
369 | 413 | ||
370 | /usr/bin/firejail | 414 | /usr/bin/firejail |
371 | /usr/bin/firemon | 415 | /usr/bin/firemon |
@@ -407,7 +451,7 @@ rm -rf %{buildroot} | |||
407 | chmod u+s /usr/bin/firejail | 451 | chmod u+s /usr/bin/firejail |
408 | 452 | ||
409 | %changelog | 453 | %changelog |
410 | * Fri Apr 7 2017 netblue30 <netblue30@yahoo.com> 0.9.46~rc1 | 454 | * Mon May 15 2017 netblue30 <netblue30@yahoo.com> 0.9.46-1 |
411 | 455 | ||
412 | * Fri Oct 21 2016 netblue30 <netblue30@yahoo.com> 0.9.44-1 | 456 | * Fri Oct 21 2016 netblue30 <netblue30@yahoo.com> 0.9.44-1 |
413 | - CVE-2016-7545 submitted by Aleksey Manevich | 457 | - CVE-2016-7545 submitted by Aleksey Manevich |
diff --git a/src/firejail/x11.c b/src/firejail/x11.c index 49af2eff4..f1d45adef 100644 --- a/src/firejail/x11.c +++ b/src/firejail/x11.c | |||
@@ -568,6 +568,7 @@ void x11_start_xephyr(int argc, char **argv) { | |||
568 | (void) rv; | 568 | (void) rv; |
569 | } | 569 | } |
570 | 570 | ||
571 | assert(display_str); | ||
571 | setenv("DISPLAY", display_str, 1); | 572 | setenv("DISPLAY", display_str, 1); |
572 | // run attach command | 573 | // run attach command |
573 | jail = fork(); | 574 | jail = fork(); |
@@ -785,6 +786,7 @@ void x11_start_xpra(int argc, char **argv) { | |||
785 | _exit(1); | 786 | _exit(1); |
786 | } | 787 | } |
787 | 788 | ||
789 | assert(display_str); | ||
788 | setenv("DISPLAY", display_str, 1); | 790 | setenv("DISPLAY", display_str, 1); |
789 | 791 | ||
790 | // build jail command | 792 | // build jail command |
diff --git a/src/man/firecfg.txt b/src/man/firecfg.txt index 979d4fc06..55b60dcac 100644 --- a/src/man/firecfg.txt +++ b/src/man/firecfg.txt | |||
@@ -20,16 +20,14 @@ The integration covers: | |||
20 | .br | 20 | .br |
21 | 21 | ||
22 | .br | 22 | .br |
23 | - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE, MATE and XFCE | 23 | - programs started by clicking on file icons in file manager - only Cinnamon, KDE, LXDE/LXQT, MATE and XFCE |
24 | desktop managers are supported in this moment | 24 | desktop managers are supported in this moment |
25 | .RE | 25 | .RE |
26 | 26 | ||
27 | This brings us as very close to full desktop integration. | 27 | To set it up, run "sudo firecfg" after installing Firejail software. |
28 | 28 | The same command should also be run after | |
29 | To set it up, run "sudo firecfg" after installing | 29 | installing new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin |
30 | Firejail software, and logout/login for the integration to take effect. "sudo firecfg" should also be run after | 30 | will be created. For a full list of programs supported by default run "cat /usr/lib/firejail/firecfg.config". |
31 | you install new programs. If the program is supported by Firejail, the symbolic link in /usr/local/bin | ||
32 | will be created. For a list of programs supported by default run "ls /etc/firejail". | ||
33 | 31 | ||
34 | For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. | 32 | For user-driven manual integration, see \fBDESKTOP INTEGRATION\fR section in \fBman 1 firejail\fR. |
35 | 33 | ||