diff options
-rw-r--r-- | RELNOTES | 5 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/sandbox.c | 4 |
4 files changed, 17 insertions, 12 deletions
@@ -1,4 +1,4 @@ | |||
1 | firejail (0.9.38-rc1) baseline; urgency=low | 1 | firejail (0.9.38) baseline; urgency=low |
2 | * IPv6 support (--ip6 and --netfilter6) | 2 | * IPv6 support (--ip6 and --netfilter6) |
3 | * --join command enhancement (--join-network, --join-filesystem) | 3 | * --join command enhancement (--join-network, --join-filesystem) |
4 | * added --user command | 4 | * added --user command |
@@ -9,11 +9,12 @@ firejail (0.9.38-rc1) baseline; urgency=low | |||
9 | * and mupen64plus profiles | 9 | * and mupen64plus profiles |
10 | * --chroot in user mode allowed only if seccomp support is available | 10 | * --chroot in user mode allowed only if seccomp support is available |
11 | * in current Linux kernel | 11 | * in current Linux kernel |
12 | * deprecated --private-home feature | ||
12 | * the first protocol list installed takes precedence | 13 | * the first protocol list installed takes precedence |
13 | * --tmpfs option allowed only running as root | 14 | * --tmpfs option allowed only running as root |
14 | * added --private-tmp option | 15 | * added --private-tmp option |
15 | * bugfixes | 16 | * bugfixes |
16 | -- netblue30 <netblue30@yahoo.com> Fri, 29 Jan 2016 10:00:00 -0500 | 17 | -- netblue30 <netblue30@yahoo.com> Mon, 2 Feb 2016 10:00:00 -0500 |
17 | 18 | ||
18 | firejail (0.9.36) baseline; urgency=low | 19 | firejail (0.9.36) baseline; urgency=low |
19 | * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, | 20 | * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.38-rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.38. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.38-rc1' | 583 | PACKAGE_VERSION='0.9.38' |
584 | PACKAGE_STRING='firejail 0.9.38-rc1' | 584 | PACKAGE_STRING='firejail 0.9.38' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1242,7 +1242,7 @@ if test "$ac_init_help" = "long"; then | |||
1242 | # Omit some internal or obsolete options to make the list less imposing. | 1242 | # Omit some internal or obsolete options to make the list less imposing. |
1243 | # This message is too long to be a string in the A/UX 3.1 sh. | 1243 | # This message is too long to be a string in the A/UX 3.1 sh. |
1244 | cat <<_ACEOF | 1244 | cat <<_ACEOF |
1245 | \`configure' configures firejail 0.9.38-rc1 to adapt to many kinds of systems. | 1245 | \`configure' configures firejail 0.9.38 to adapt to many kinds of systems. |
1246 | 1246 | ||
1247 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1247 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1248 | 1248 | ||
@@ -1303,7 +1303,7 @@ fi | |||
1303 | 1303 | ||
1304 | if test -n "$ac_init_help"; then | 1304 | if test -n "$ac_init_help"; then |
1305 | case $ac_init_help in | 1305 | case $ac_init_help in |
1306 | short | recursive ) echo "Configuration of firejail 0.9.38-rc1:";; | 1306 | short | recursive ) echo "Configuration of firejail 0.9.38:";; |
1307 | esac | 1307 | esac |
1308 | cat <<\_ACEOF | 1308 | cat <<\_ACEOF |
1309 | 1309 | ||
@@ -1395,7 +1395,7 @@ fi | |||
1395 | test -n "$ac_init_help" && exit $ac_status | 1395 | test -n "$ac_init_help" && exit $ac_status |
1396 | if $ac_init_version; then | 1396 | if $ac_init_version; then |
1397 | cat <<\_ACEOF | 1397 | cat <<\_ACEOF |
1398 | firejail configure 0.9.38-rc1 | 1398 | firejail configure 0.9.38 |
1399 | generated by GNU Autoconf 2.69 | 1399 | generated by GNU Autoconf 2.69 |
1400 | 1400 | ||
1401 | Copyright (C) 2012 Free Software Foundation, Inc. | 1401 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1697,7 +1697,7 @@ cat >config.log <<_ACEOF | |||
1697 | This file contains any messages produced by compilers while | 1697 | This file contains any messages produced by compilers while |
1698 | running configure, to aid debugging if configure makes a mistake. | 1698 | running configure, to aid debugging if configure makes a mistake. |
1699 | 1699 | ||
1700 | It was created by firejail $as_me 0.9.38-rc1, which was | 1700 | It was created by firejail $as_me 0.9.38, which was |
1701 | generated by GNU Autoconf 2.69. Invocation command line was | 1701 | generated by GNU Autoconf 2.69. Invocation command line was |
1702 | 1702 | ||
1703 | $ $0 $@ | 1703 | $ $0 $@ |
@@ -4140,7 +4140,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4140 | # report actual input values of CONFIG_FILES etc. instead of their | 4140 | # report actual input values of CONFIG_FILES etc. instead of their |
4141 | # values after options handling. | 4141 | # values after options handling. |
4142 | ac_log=" | 4142 | ac_log=" |
4143 | This file was extended by firejail $as_me 0.9.38-rc1, which was | 4143 | This file was extended by firejail $as_me 0.9.38, which was |
4144 | generated by GNU Autoconf 2.69. Invocation command line was | 4144 | generated by GNU Autoconf 2.69. Invocation command line was |
4145 | 4145 | ||
4146 | CONFIG_FILES = $CONFIG_FILES | 4146 | CONFIG_FILES = $CONFIG_FILES |
@@ -4194,7 +4194,7 @@ _ACEOF | |||
4194 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4194 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4195 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4195 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4196 | ac_cs_version="\\ | 4196 | ac_cs_version="\\ |
4197 | firejail config.status 0.9.38-rc1 | 4197 | firejail config.status 0.9.38 |
4198 | configured by $0, generated by GNU Autoconf 2.69, | 4198 | configured by $0, generated by GNU Autoconf 2.69, |
4199 | with options \\"\$ac_cs_config\\" | 4199 | with options \\"\$ac_cs_config\\" |
4200 | 4200 | ||
diff --git a/configure.ac b/configure.ac index c605ba01d..4c0ff4870 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.38-rc1, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.38, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 0ad8e2f65..85f65b610 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
@@ -349,7 +349,9 @@ int sandbox(void* sandbox_arg) { | |||
349 | //**************************** | 349 | //**************************** |
350 | // configure filesystem | 350 | // configure filesystem |
351 | //**************************** | 351 | //**************************** |
352 | #ifdef HAVE_SECCOMP | ||
352 | int enforce_seccomp = 0; | 353 | int enforce_seccomp = 0; |
354 | #endif | ||
353 | #ifdef HAVE_CHROOT | 355 | #ifdef HAVE_CHROOT |
354 | if (cfg.chrootdir) { | 356 | if (cfg.chrootdir) { |
355 | fs_chroot(cfg.chrootdir); | 357 | fs_chroot(cfg.chrootdir); |
@@ -361,7 +363,9 @@ int sandbox(void* sandbox_arg) { | |||
361 | // force default seccomp inside the chroot, no keep or drop list | 363 | // force default seccomp inside the chroot, no keep or drop list |
362 | // the list build on top of the default drop list is kept intact | 364 | // the list build on top of the default drop list is kept intact |
363 | arg_seccomp = 1; | 365 | arg_seccomp = 1; |
366 | #ifdef HAVE_SECCOMP | ||
364 | enforce_seccomp = 1; | 367 | enforce_seccomp = 1; |
368 | #endif | ||
365 | if (cfg.seccomp_list_drop) { | 369 | if (cfg.seccomp_list_drop) { |
366 | free(cfg.seccomp_list_drop); | 370 | free(cfg.seccomp_list_drop); |
367 | cfg.seccomp_list_drop = NULL; | 371 | cfg.seccomp_list_drop = NULL; |