diff options
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 28 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 1 | ||||
-rw-r--r-- | etc/disable-devel.inc | 2 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 | ||||
-rwxr-xr-x | test/doubledash.exp | 2 | ||||
-rwxr-xr-x | test/extract_command.exp | 2 | ||||
-rwxr-xr-x | test/seccomp-dualfilter.exp | 4 | ||||
-rwxr-xr-x | test/sound.exp | 10 | ||||
-rwxr-xr-x | test/wine.exp | 2 |
12 files changed, 31 insertions, 26 deletions
diff --git a/Makefile.in b/Makefile.in index 701e2856f..d4a2a0eb0 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -160,6 +160,7 @@ realinstall: | |||
160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
161 | install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 161 | install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
162 | install -c -m 0644 .etc/dnsmasq.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 162 | install -c -m 0644 .etc/dnsmasq.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
163 | install -c -m 0644 .etc/palemoon.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
163 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 164 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
164 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 165 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
165 | rm -fr .etc | 166 | rm -fr .etc |
@@ -18,6 +18,21 @@ License: GPL v2 | |||
18 | Firejail Authors: | 18 | Firejail Authors: |
19 | 19 | ||
20 | netblue30 (netblue30@yahoo.com) | 20 | netblue30 (netblue30@yahoo.com) |
21 | Fred-Barclay (https://github.com/Fred-Barclay) | ||
22 | - added Vivaldi, Atril profiles | ||
23 | - added PaleMoon profile | ||
24 | avoidr (https://github.com/avoidr) | ||
25 | - whitelist fix | ||
26 | - recently-used.xbel fix | ||
27 | - added parole profile | ||
28 | - blacklist ncat, manpage fixes, | ||
29 | - hostname support in profile file | ||
30 | - Google Chrome profile rework | ||
31 | - added cmus profile | ||
32 | - man page fixes | ||
33 | - add net iface support in profile files | ||
34 | - paths fix | ||
35 | - lots of profile fixes | ||
21 | Petter Reinholdtsen (pere@hungry.com) | 36 | Petter Reinholdtsen (pere@hungry.com) |
22 | - Opera profile patch | 37 | - Opera profile patch |
23 | n1trux (https://github.com/n1trux) | 38 | n1trux (https://github.com/n1trux) |
@@ -30,8 +45,6 @@ Benjamin Kampmann (https://github.com/ligthyear) | |||
30 | - Forward exit code from child process | 45 | - Forward exit code from child process |
31 | dshmgh (https://github.com/dshmgh) | 46 | dshmgh (https://github.com/dshmgh) |
32 | - overlayfs fix for systems with /home mounted on a separate partition | 47 | - overlayfs fix for systems with /home mounted on a separate partition |
33 | Fred-Barclay (https://github.com/Fred-Barclay) | ||
34 | - added Vivaldi, Atril profiles | ||
35 | yumkam (https://github.com/yumkam) | 48 | yumkam (https://github.com/yumkam) |
36 | - add compile-time option to restrict --net= to root only | 49 | - add compile-time option to restrict --net= to root only |
37 | - man page fixes | 50 | - man page fixes |
@@ -95,17 +108,6 @@ Peter Hogg (https://github.com/pigmonkey) | |||
95 | - rtorrent profile | 108 | - rtorrent profile |
96 | rogshdo (https://github.com/rogshdo) | 109 | rogshdo (https://github.com/rogshdo) |
97 | - BitlBee profile | 110 | - BitlBee profile |
98 | avoidr (https://github.com/avoidr) | ||
99 | - whitelist fix | ||
100 | - recently-used.xbel fix | ||
101 | - added parole profile | ||
102 | - blacklist ncat, manpage fixes, | ||
103 | - hostname support in profile file | ||
104 | - Google Chrome profile rework | ||
105 | - added cmus profile | ||
106 | - man page fixes | ||
107 | - add net iface support in profile files | ||
108 | - paths fix | ||
109 | Bruno Nova (https://github.com/brunonova) | 111 | Bruno Nova (https://github.com/brunonova) |
110 | - whitelist fix | 112 | - whitelist fix |
111 | - bash arguments fix | 113 | - bash arguments fix |
@@ -281,5 +281,5 @@ $ man firejail-profile | |||
281 | 281 | ||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq. | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq, PaleMoon |
285 | 285 | ||
@@ -18,6 +18,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | 18 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril |
19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | 19 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars |
20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq | 20 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq |
21 | * new profiles: PaleMoon | ||
21 | * build rpm packages using "make rpms" | 22 | * build rpm packages using "make rpms" |
22 | * bugfixes | 23 | * bugfixes |
23 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 24 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index ff7fb7f21..fa77ed8d1 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
@@ -40,7 +40,7 @@ blacklist /usr/bin/python2* | |||
40 | blacklist /usr/lib/python2* | 40 | blacklist /usr/lib/python2* |
41 | blacklist /usr/local/lib/python2* | 41 | blacklist /usr/local/lib/python2* |
42 | blacklist /usr/include/python2* | 42 | blacklist /usr/include/python2* |
43 | blacklist /usr/share/python2* #If this exists (not on my machine). | 43 | blacklist /usr/share/python2* |
44 | 44 | ||
45 | # Python 3 | 45 | # Python 3 |
46 | blacklist /usr/bin/python3* | 46 | blacklist /usr/bin/python3* |
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index ec6928074..c16323a92 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -80,3 +80,4 @@ | |||
80 | /etc/firejail/dillo.profile | 80 | /etc/firejail/dillo.profile |
81 | /etc/firejail/cmus.profile | 81 | /etc/firejail/cmus.profile |
82 | /etc/firejail/dnsmasq.profile | 82 | /etc/firejail/dnsmasq.profile |
83 | /etc/firejail/palemoon.profile | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index b3fafa0c2..7ee76d096 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -501,7 +501,7 @@ void fs_blacklist(void) { | |||
501 | char *new_name = expand_home(ptr, homedir); | 501 | char *new_name = expand_home(ptr, homedir); |
502 | ptr = new_name; | 502 | ptr = new_name; |
503 | 503 | ||
504 | // expand path macro - look for the file in /usr/local/bin, /bin, /usr/bin, /sbin and /usr/sbin directories | 504 | // expand path macro - look for the file in /usr/local/bin, /usr/local/sbin, /bin, /usr/bin, /sbin and /usr/sbin directories |
505 | if (ptr) { | 505 | if (ptr) { |
506 | if (strncmp(ptr, "${PATH}", 7) == 0) { | 506 | if (strncmp(ptr, "${PATH}", 7) == 0) { |
507 | char *fname = ptr + 7; | 507 | char *fname = ptr + 7; |
diff --git a/test/doubledash.exp b/test/doubledash.exp index 3c8a42471..668468980 100755 --- a/test/doubledash.exp +++ b/test/doubledash.exp | |||
@@ -15,7 +15,7 @@ expect { | |||
15 | } | 15 | } |
16 | expect { | 16 | expect { |
17 | timeout {puts "TESTING ERROR 3\n";exit} | 17 | timeout {puts "TESTING ERROR 3\n";exit} |
18 | "parent is shutting down" | 18 | "Parent is shutting down" |
19 | } | 19 | } |
20 | sleep 1 | 20 | sleep 1 |
21 | 21 | ||
diff --git a/test/extract_command.exp b/test/extract_command.exp index cbc36afd4..99c1cc134 100755 --- a/test/extract_command.exp +++ b/test/extract_command.exp | |||
@@ -15,7 +15,7 @@ expect { | |||
15 | } | 15 | } |
16 | expect { | 16 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 17 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "parent is shutting down, bye" | 18 | "Parent is shutting down, bye" |
19 | } | 19 | } |
20 | sleep 1 | 20 | sleep 1 |
21 | 21 | ||
diff --git a/test/seccomp-dualfilter.exp b/test/seccomp-dualfilter.exp index b497be5ea..afdf8a53a 100755 --- a/test/seccomp-dualfilter.exp +++ b/test/seccomp-dualfilter.exp | |||
@@ -16,7 +16,7 @@ expect { | |||
16 | expect { | 16 | expect { |
17 | timeout {puts "TESTING ERROR 2\n";exit} | 17 | timeout {puts "TESTING ERROR 2\n";exit} |
18 | "after mount" {puts "TESTING ERROR 2.1\n";exit} | 18 | "after mount" {puts "TESTING ERROR 2.1\n";exit} |
19 | "parent is shutting down" | 19 | "Parent is shutting down" |
20 | } | 20 | } |
21 | sleep 1 | 21 | sleep 1 |
22 | 22 | ||
@@ -32,7 +32,7 @@ expect { | |||
32 | expect { | 32 | expect { |
33 | timeout {puts "TESTING ERROR 5\n";exit} | 33 | timeout {puts "TESTING ERROR 5\n";exit} |
34 | "after mount" {puts "TESTING ERROR 5.1\n";exit} | 34 | "after mount" {puts "TESTING ERROR 5.1\n";exit} |
35 | "parent is shutting down" | 35 | "Parent is shutting down" |
36 | } | 36 | } |
37 | 37 | ||
38 | puts "\nall done\n" | 38 | puts "\nall done\n" |
diff --git a/test/sound.exp b/test/sound.exp index 7df50bf16..078f8b416 100755 --- a/test/sound.exp +++ b/test/sound.exp | |||
@@ -11,7 +11,7 @@ expect { | |||
11 | } | 11 | } |
12 | expect { | 12 | expect { |
13 | timeout {puts "TESTING ERROR 2\n";exit} | 13 | timeout {puts "TESTING ERROR 2\n";exit} |
14 | "parent is shutting down" | 14 | "Parent is shutting down" |
15 | } | 15 | } |
16 | sleep 2 | 16 | sleep 2 |
17 | 17 | ||
@@ -27,7 +27,7 @@ expect { | |||
27 | } | 27 | } |
28 | expect { | 28 | expect { |
29 | timeout {puts "TESTING ERROR 5\n";exit} | 29 | timeout {puts "TESTING ERROR 5\n";exit} |
30 | "parent is shutting down" | 30 | "Parent is shutting down" |
31 | } | 31 | } |
32 | sleep 2 | 32 | sleep 2 |
33 | 33 | ||
@@ -39,7 +39,7 @@ expect { | |||
39 | } | 39 | } |
40 | expect { | 40 | expect { |
41 | timeout {puts "TESTING ERROR 12\n";exit} | 41 | timeout {puts "TESTING ERROR 12\n";exit} |
42 | "parent is shutting down" | 42 | "Parent is shutting down" |
43 | } | 43 | } |
44 | sleep 2 | 44 | sleep 2 |
45 | 45 | ||
@@ -55,7 +55,7 @@ expect { | |||
55 | } | 55 | } |
56 | expect { | 56 | expect { |
57 | timeout {puts "TESTING ERROR 15\n";exit} | 57 | timeout {puts "TESTING ERROR 15\n";exit} |
58 | "parent is shutting down" | 58 | "Parent is shutting down" |
59 | } | 59 | } |
60 | sleep 2 | 60 | sleep 2 |
61 | 61 | ||
@@ -71,7 +71,7 @@ expect { | |||
71 | } | 71 | } |
72 | expect { | 72 | expect { |
73 | timeout {puts "TESTING ERROR 25\n";exit} | 73 | timeout {puts "TESTING ERROR 25\n";exit} |
74 | "parent is shutting down" | 74 | "Parent is shutting down" |
75 | } | 75 | } |
76 | sleep 2 | 76 | sleep 2 |
77 | 77 | ||
diff --git a/test/wine.exp b/test/wine.exp index d87c1f205..f5b7d12b4 100755 --- a/test/wine.exp +++ b/test/wine.exp | |||
@@ -23,7 +23,7 @@ expect { | |||
23 | } | 23 | } |
24 | expect { | 24 | expect { |
25 | timeout {puts "TESTING ERROR 4\n";exit} | 25 | timeout {puts "TESTING ERROR 4\n";exit} |
26 | "parent is shutting down, bye..." | 26 | "Parent is shutting down, bye..." |
27 | } | 27 | } |
28 | 28 | ||
29 | puts "\nall done\n" | 29 | puts "\nall done\n" |