-rw-r--r-- | RELNOTES | 3 | ||||
-rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
-rw-r--r-- | etc/inc/disable-shell.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/claws-mail.profile | 5 | ||||
-rw-r--r-- | etc/profile-a-l/email-common.profile | 3 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
-rw-r--r-- | src/man/firejail.txt | 2 |
7 files changed, 15 insertions, 3 deletions
@@ -1,6 +1,7 @@ | |||
1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.65) baseline; urgency=low |
2 | * allow --tmpfs inside $HOME for unprivileged users | 2 | * allow --tmpfs inside $HOME for unprivileged users |
3 | * --disable-usertmpfs compile time option | 3 | * --disable-usertmpfs compile time option |
4 | * allow AF_BLUETOOTH via --protocol=bluetooth | ||
4 | * new profiles: spectacle, chromium-browser-privacy | 5 | * new profiles: spectacle, chromium-browser-privacy |
5 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 | 6 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 |
6 | 7 | ||
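--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -268,9 +268,11 @@ read-only ${HOME}/.config/fish
 read-only ${HOME}/.csh_files
 read-only ${HOME}/.cshrc
 read-only ${HOME}/.forward
+read-only ${HOME}/.kshrc
 read-only ${HOME}/.local/share/fish
 read-only ${HOME}/.login
 read-only ${HOME}/.logout
+read-only ${HOME}/.mkshrc
 read-only ${HOME}/.oh-my-zsh
 read-only ${HOME}/.pam_environment
 read-only ${HOME}/.pgpkey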
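--- a/etc/inc/disable-shell.inc
+++ b/etc/inc/disable-shell.inc
@@ -7,6 +7,7 @@ blacklist ${PATH}/csh
 blacklist ${PATH}/dash
 blacklist ${PATH}/fish
 blacklist ${PATH}/ksh
+blacklist ${PATH}/mksh
 blacklist ${PATH}/sh
 blacklist ${PATH}/tclsh
 blacklist ${PATH}/tcsh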
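Review bot: Blacklisting `${PATH}/mksh` by name leaves any sibling binary of the same shell reachable; some distributions package a legacy-mode `lksh` next to mksh (worth confirming for the targets you support), and it does not appear in the visible part of this list. If it applies, add `blacklist ${PATH}/lksh` after the `ksh` entry so the deny list stays alphabetical. The list begins above this hunk and continues below it, so entries outside the visible lines may already cover other variants.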
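--- a/etc/profile-a-l/claws-mail.profile
+++ b/etc/profile-a-l/claws-mail.profile
@@ -18,5 +18,10 @@ whitelist ${HOME}/.claws-mail
 
 whitelist /usr/share/doc/claws-mail
 
+# if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local)
+#ignore dbus-user none
+#dbus-user filter
+#dbus-user.talk org.freedesktop.Notifications
+
 # Redirect
 include email-common.profile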
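--- a/etc/profile-a-l/email-common.profile
+++ b/etc/profile-a-l/email-common.profile
@@ -58,6 +58,9 @@ private-cache
 private-dev
 private-tmp
 
+dbus-user none
+dbus-system none
+
 # encrypting and signing email
 writable-run-user
 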
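Review bot: The new `dbus-user none` and `dbus-system none` lines apply to every profile that redirects to this file, and nothing next to them says how a client that needs a bus should opt out. claws-mail.profile in this same commit shows the pattern (`ignore dbus-user none` placed before the `include`), so a comment above the two lines would document it for the next profile author: `# D-Bus is off for all email clients; a profile that needs it must set 'ignore dbus-user none' and its own 'dbus-user filter' policy before including this file`. It is also worth checking the other profiles that include this file for features that depend on the session bus, since this commit only accounts for the claws-mail notification plugin. The file continues outside this hunk.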
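--- a/src/man/firejail-profile.txt
+++ b/src/man/firejail-profile.txt
@@ -412,7 +412,7 @@ There is no root account (uid 0) defined in the namespace.
 \fBprotocol protocol1,protocol2,protocol3
 Enable protocol filter. The filter is based on seccomp and checks the
 first argument to socket system call. Recognized values: \fBunix\fR,
-\fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR.
+\fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR and \fBbluetooth\fR.
 .TP
 \fBseccomp
 Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details.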
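--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -2003,7 +2003,7 @@ $ firejail \-\-profile.print=browser
 .TP
 \fB\-\-protocol=protocol,protocol,protocol
 Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call.
-Recognized values: unix, inet, inet6, netlink and packet. This option is not supported for i386 architecture.
+Recognized values: unix, inet, inet6, netlink, packet and bluetooth. This option is not supported for i386 architecture.
 .br
 
 .br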