diff options
| -rw-r--r-- | RELNOTES | 3 | ||||
| -rw-r--r-- | etc/inc/disable-common.inc | 2 | ||||
| -rw-r--r-- | etc/inc/disable-shell.inc | 1 | ||||
| -rw-r--r-- | etc/profile-a-l/claws-mail.profile | 5 | ||||
| -rw-r--r-- | etc/profile-a-l/email-common.profile | 3 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
| -rw-r--r-- | src/man/firejail.txt | 2 |
7 files changed, 15 insertions, 3 deletions
| @@ -1,6 +1,7 @@ | |||
| 1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.65) baseline; urgency=low |
| 2 | * allow --tmpfs inside $HOME for unprivileged users | 2 | * allow --tmpfs inside $HOME for unprivileged users |
| 3 | * --disable-usertmpfs compile time option | 3 | * --disable-usertmpfs compile time option |
| 4 | * allow AF_BLUETOOTH via --protocol=bluetooth | ||
| 4 | * new profiles: spectacle, chromium-browser-privacy | 5 | * new profiles: spectacle, chromium-browser-privacy |
| 5 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 | 6 | -- netblue30 <netblue30@yahoo.com> Wed, 21 Oct 2020 09:00:00 -0500 |
| 6 | 7 | ||
diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc index 9ad4e04d4..1268b4cd2 100644 --- a/etc/inc/disable-common.inc +++ b/etc/inc/disable-common.inc | |||
| @@ -268,9 +268,11 @@ read-only ${HOME}/.config/fish | |||
| 268 | read-only ${HOME}/.csh_files | 268 | read-only ${HOME}/.csh_files |
| 269 | read-only ${HOME}/.cshrc | 269 | read-only ${HOME}/.cshrc |
| 270 | read-only ${HOME}/.forward | 270 | read-only ${HOME}/.forward |
| 271 | read-only ${HOME}/.kshrc | ||
| 271 | read-only ${HOME}/.local/share/fish | 272 | read-only ${HOME}/.local/share/fish |
| 272 | read-only ${HOME}/.login | 273 | read-only ${HOME}/.login |
| 273 | read-only ${HOME}/.logout | 274 | read-only ${HOME}/.logout |
| 275 | read-only ${HOME}/.mkshrc | ||
| 274 | read-only ${HOME}/.oh-my-zsh | 276 | read-only ${HOME}/.oh-my-zsh |
| 275 | read-only ${HOME}/.pam_environment | 277 | read-only ${HOME}/.pam_environment |
| 276 | read-only ${HOME}/.pgpkey | 278 | read-only ${HOME}/.pgpkey |
diff --git a/etc/inc/disable-shell.inc b/etc/inc/disable-shell.inc index fda528eb6..e66d23c9f 100644 --- a/etc/inc/disable-shell.inc +++ b/etc/inc/disable-shell.inc | |||
| @@ -7,6 +7,7 @@ blacklist ${PATH}/csh | |||
| 7 | blacklist ${PATH}/dash | 7 | blacklist ${PATH}/dash |
| 8 | blacklist ${PATH}/fish | 8 | blacklist ${PATH}/fish |
| 9 | blacklist ${PATH}/ksh | 9 | blacklist ${PATH}/ksh |
| 10 | blacklist ${PATH}/mksh | ||
| 10 | blacklist ${PATH}/sh | 11 | blacklist ${PATH}/sh |
| 11 | blacklist ${PATH}/tclsh | 12 | blacklist ${PATH}/tclsh |
| 12 | blacklist ${PATH}/tcsh | 13 | blacklist ${PATH}/tcsh |
diff --git a/etc/profile-a-l/claws-mail.profile b/etc/profile-a-l/claws-mail.profile index 24954b2d8..69196c578 100644 --- a/etc/profile-a-l/claws-mail.profile +++ b/etc/profile-a-l/claws-mail.profile | |||
| @@ -18,5 +18,10 @@ whitelist ${HOME}/.claws-mail | |||
| 18 | 18 | ||
| 19 | whitelist /usr/share/doc/claws-mail | 19 | whitelist /usr/share/doc/claws-mail |
| 20 | 20 | ||
| 21 | # if you use the notification plugin you need to uncomment the below (or put them in your claws-mail.local) | ||
| 22 | #ignore dbus-user none | ||
| 23 | #dbus-user filter | ||
| 24 | #dbus-user.talk org.freedesktop.Notifications | ||
| 25 | |||
| 21 | # Redirect | 26 | # Redirect |
| 22 | include email-common.profile | 27 | include email-common.profile |
diff --git a/etc/profile-a-l/email-common.profile b/etc/profile-a-l/email-common.profile index 3bc417557..df47f478d 100644 --- a/etc/profile-a-l/email-common.profile +++ b/etc/profile-a-l/email-common.profile | |||
| @@ -58,6 +58,9 @@ private-cache | |||
| 58 | private-dev | 58 | private-dev |
| 59 | private-tmp | 59 | private-tmp |
| 60 | 60 | ||
| 61 | dbus-user none | ||
| 62 | dbus-system none | ||
| 63 | |||
| 61 | # encrypting and signing email | 64 | # encrypting and signing email |
| 62 | writable-run-user | 65 | writable-run-user |
| 63 | 66 | ||
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index ef7dccbfb..9524254c1 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -412,7 +412,7 @@ There is no root account (uid 0) defined in the namespace. | |||
| 412 | \fBprotocol protocol1,protocol2,protocol3 | 412 | \fBprotocol protocol1,protocol2,protocol3 |
| 413 | Enable protocol filter. The filter is based on seccomp and checks the | 413 | Enable protocol filter. The filter is based on seccomp and checks the |
| 414 | first argument to socket system call. Recognized values: \fBunix\fR, | 414 | first argument to socket system call. Recognized values: \fBunix\fR, |
| 415 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR and \fBpacket\fR. | 415 | \fBinet\fR, \fBinet6\fR, \fBnetlink\fR, \fBpacket\fR and \fBbluetooth\fR. |
| 416 | .TP | 416 | .TP |
| 417 | \fBseccomp | 417 | \fBseccomp |
| 418 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. | 418 | Enable seccomp filter and blacklist the syscalls in the default list. See man 1 firejail for more details. |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 219eba10e..8c73962fb 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -2003,7 +2003,7 @@ $ firejail \-\-profile.print=browser | |||
| 2003 | .TP | 2003 | .TP |
| 2004 | \fB\-\-protocol=protocol,protocol,protocol | 2004 | \fB\-\-protocol=protocol,protocol,protocol |
| 2005 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. | 2005 | Enable protocol filter. The filter is based on seccomp and checks the first argument to socket system call. |
| 2006 | Recognized values: unix, inet, inet6, netlink and packet. This option is not supported for i386 architecture. | 2006 | Recognized values: unix, inet, inet6, netlink, packet and bluetooth. This option is not supported for i386 architecture. |
| 2007 | .br | 2007 | .br |
| 2008 | 2008 | ||
| 2009 | .br | 2009 | .br |