diff options
-rw-r--r-- | README | 3 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/Xephyr.profile | 6 | ||||
-rw-r--r-- | etc/Xvfb.profile | 2 | ||||
-rw-r--r-- | etc/xpra.profile | 8 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
6 files changed, 12 insertions, 11 deletions
@@ -468,5 +468,6 @@ Zack Weinberg (https://github.com/zackw) | |||
468 | - Xvfb and Xephyr profiles, modified Xpra profile | 468 | - Xvfb and Xephyr profiles, modified Xpra profile |
469 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started | 469 | - support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started |
470 | with firejail --x11 | 470 | with firejail --x11 |
471 | 471 | - support for xpra-extra-params in firejail.config | |
472 | |||
472 | Copyright (C) 2014-2017 Firejail Authors | 473 | Copyright (C) 2014-2017 Firejail Authors |
@@ -34,6 +34,8 @@ firejail (0.9.46-rc1) baseline; urgency=low | |||
34 | * feature: --fix-sound support in firecfg | 34 | * feature: --fix-sound support in firecfg |
35 | * feature: added support for sandboxing Xpra, Xvfb and Xephyr in | 35 | * feature: added support for sandboxing Xpra, Xvfb and Xephyr in |
36 | independent sandboxes when started with firejail --x11 | 36 | independent sandboxes when started with firejail --x11 |
37 | * feature: enable automatic X server sandboxing for --x11=xpra | ||
38 | and --x11=xephyr | ||
37 | * feature: support for Xpra extra params in firejail config file | 39 | * feature: support for Xpra extra params in firejail config file |
38 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, | 40 | * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, |
39 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, | 41 | * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, |
diff --git a/etc/Xephyr.profile b/etc/Xephyr.profile index 362318bb1..d3349f7f7 100644 --- a/etc/Xephyr.profile +++ b/etc/Xephyr.profile | |||
@@ -4,13 +4,11 @@ include /etc/firejail/Xephyr.local | |||
4 | 4 | ||
5 | # | 5 | # |
6 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. | 6 | # This profile will sandbox Xephyr server itself when used with firejail --x11=xephyr. |
7 | # The target program is sandboxed with its own profile. By default the this functionality | 7 | # To enable it, create a firejail-Xephyr symlink in /usr/local/bin: |
8 | # is disabled. To enable it, create a firejail-Xephyr symlink in /usr/local/bin: | ||
9 | # | 8 | # |
10 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr | 9 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xephyr |
11 | # | 10 | # |
12 | # We have this functionality disabled by default because it creates problems on | 11 | # or run "sudo firecfg" |
13 | # some Linux distributions. | ||
14 | # | 12 | # |
15 | 13 | ||
16 | 14 | ||
diff --git a/etc/Xvfb.profile b/etc/Xvfb.profile index 9c919f432..0cf9b7e1c 100644 --- a/etc/Xvfb.profile +++ b/etc/Xvfb.profile | |||
@@ -10,7 +10,7 @@ include /etc/firejail/xvfb.local | |||
10 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xvfb | 10 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/Xvfb |
11 | # | 11 | # |
12 | # We have this functionality disabled by default because it creates problems on | 12 | # We have this functionality disabled by default because it creates problems on |
13 | # some Linux distributions. | 13 | # some Linux distributions. Also, older versions of Xpra use Xvfb. |
14 | # | 14 | # |
15 | 15 | ||
16 | 16 | ||
diff --git a/etc/xpra.profile b/etc/xpra.profile index f4f28f9de..11bfec7eb 100644 --- a/etc/xpra.profile +++ b/etc/xpra.profile | |||
@@ -5,14 +5,11 @@ include /etc/firejail/xpra.local | |||
5 | 5 | ||
6 | # | 6 | # |
7 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. | 7 | # This profile will sandbox Xpra server itself when used with firejail --x11=xpra. |
8 | # The target program is sandboxed with its own profile. By default the this functionality | 8 | # To enable it, create a firejail-xpra symlink in /usr/local/bin: |
9 | # is disabled. To enable it, create a firejail-xpra symlink in /usr/local/bin: | ||
10 | # | 9 | # |
11 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra | 10 | # $ sudo ln -s /usr/bin/firejail /usr/local/bin/xpra |
12 | # | 11 | # |
13 | # We have this functionality disabled by default because it creates problems on | 12 | # or run "sudo firecfg" |
14 | # some Linux distributions. | ||
15 | # | ||
16 | 13 | ||
17 | # private home directory doesn't work on some distros, so we go for a regular home | 14 | # private home directory doesn't work on some distros, so we go for a regular home |
18 | #private | 15 | #private |
@@ -36,6 +33,7 @@ protocol unix | |||
36 | 33 | ||
37 | private-dev | 34 | private-dev |
38 | private-tmp | 35 | private-tmp |
36 | # older Xpra versions also use Xvfb | ||
39 | #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls | 37 | #private-bin xpra,python,Xvfb,Xorg,sh,xkbcomp,xauth,dbus-launch,pactl,ldconfig,which,strace,bash,cat,ls |
40 | #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 | 38 | #private-etc ld.so.conf,ld.so.cache,resolv.conf,host.conf,nsswitch.conf,gai.conf,hosts,hostname,machine-id,xpra,X11 |
41 | 39 | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 60e414755..f46fdea35 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -230,6 +230,7 @@ wire | |||
230 | wireshark | 230 | wireshark |
231 | xchat | 231 | xchat |
232 | xed | 232 | xed |
233 | Xephyr | ||
233 | xfburn | 234 | xfburn |
234 | xfce4-dict | 235 | xfce4-dict |
235 | xfce4-notes | 236 | xfce4-notes |
@@ -239,6 +240,7 @@ xonotic-glx | |||
239 | xonotic-sdl | 240 | xonotic-sdl |
240 | xpdf | 241 | xpdf |
241 | xplayer | 242 | xplayer |
243 | xpra | ||
242 | xreader | 244 | xreader |
243 | xviewer | 245 | xviewer |
244 | youtube-dl | 246 | youtube-dl |