diff options
-rw-r--r-- | README | 37 | ||||
-rw-r--r-- | etc/disable-devel.inc | 24 | ||||
-rw-r--r-- | src/firejail/fs.c | 2 |
3 files changed, 34 insertions, 29 deletions
@@ -18,6 +18,25 @@ License: GPL v2 | |||
18 | Firejail Authors: | 18 | Firejail Authors: |
19 | 19 | ||
20 | netblue30 (netblue30@yahoo.com) | 20 | netblue30 (netblue30@yahoo.com) |
21 | Reiner Herrmann | ||
22 | - a number of build patches | ||
23 | - man page fixes | ||
24 | - Debian and Ubuntu integration | ||
25 | - clang-analyzer fixes | ||
26 | - Debian reproducible build | ||
27 | - unit testing framework | ||
28 | avoidr (https://github.com/avoidr) | ||
29 | - whitelist fix | ||
30 | - recently-used.xbel fix | ||
31 | - added parole profile | ||
32 | - blacklist ncat, manpage fixes, | ||
33 | - hostname support in profile file | ||
34 | - Google Chrome profile rework | ||
35 | - added cmus profile | ||
36 | - man page fixes | ||
37 | - add net iface support in profile files | ||
38 | - paths fix | ||
39 | - lots of profile fixes | ||
21 | Ruan (https://github.com/ruany) | 40 | Ruan (https://github.com/ruany) |
22 | - fixed hexchat profile | 41 | - fixed hexchat profile |
23 | Vasya Novikov (https://github.com/vn971) | 42 | Vasya Novikov (https://github.com/vn971) |
@@ -50,18 +69,6 @@ Fred-Barclay (https://github.com/Fred-Barclay) | |||
50 | - fixed HexChat and Atril profiles | 69 | - fixed HexChat and Atril profiles |
51 | - fixed disable-common.inc for mate-terminal | 70 | - fixed disable-common.inc for mate-terminal |
52 | - blacklisted escape-happy terminals in disable-common.inc | 71 | - blacklisted escape-happy terminals in disable-common.inc |
53 | avoidr (https://github.com/avoidr) | ||
54 | - whitelist fix | ||
55 | - recently-used.xbel fix | ||
56 | - added parole profile | ||
57 | - blacklist ncat, manpage fixes, | ||
58 | - hostname support in profile file | ||
59 | - Google Chrome profile rework | ||
60 | - added cmus profile | ||
61 | - man page fixes | ||
62 | - add net iface support in profile files | ||
63 | - paths fix | ||
64 | - lots of profile fixes | ||
65 | Petter Reinholdtsen (pere@hungry.com) | 72 | Petter Reinholdtsen (pere@hungry.com) |
66 | - Opera profile patch | 73 | - Opera profile patch |
67 | n1trux (https://github.com/n1trux) | 74 | n1trux (https://github.com/n1trux) |
@@ -166,12 +173,6 @@ sarneaud (https://github.com/sarneaud) | |||
166 | - various enhancements and bug fixes | 173 | - various enhancements and bug fixes |
167 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | 174 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) |
168 | - user namespace implementation | 175 | - user namespace implementation |
169 | Reiner Herrmann | ||
170 | - a number of build patches | ||
171 | - man page fixes | ||
172 | - Debian and Ubuntu integration | ||
173 | - clang-analyzer fixes | ||
174 | - Debian reproducible build | ||
175 | sshirokov (http://sourceforge.net/u/yshirokov/profile/) | 176 | sshirokov (http://sourceforge.net/u/yshirokov/profile/) |
176 | - Patch to output "Reading profile" to stderr instead of stdout | 177 | - Patch to output "Reading profile" to stderr instead of stdout |
177 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) | 178 | G4JC (http://sourceforge.net/u/gaming4jc/profile/) |
diff --git a/etc/disable-devel.inc b/etc/disable-devel.inc index fa77ed8d1..2805938d7 100644 --- a/etc/disable-devel.inc +++ b/etc/disable-devel.inc | |||
@@ -35,17 +35,19 @@ blacklist /usr/lib/php* | |||
35 | blacklist /usr/bin/ruby | 35 | blacklist /usr/bin/ruby |
36 | blacklist /usr/lib/ruby | 36 | blacklist /usr/lib/ruby |
37 | 37 | ||
38 | # disabled temporarily pending globbing implementation | ||
39 | # in noblacklist command and firefox profile fix | ||
38 | # Python 2 | 40 | # Python 2 |
39 | blacklist /usr/bin/python2* | 41 | #blacklist /usr/bin/python2* |
40 | blacklist /usr/lib/python2* | 42 | #blacklist /usr/lib/python2* |
41 | blacklist /usr/local/lib/python2* | 43 | #blacklist /usr/local/lib/python2* |
42 | blacklist /usr/include/python2* | 44 | #blacklist /usr/include/python2* |
43 | blacklist /usr/share/python2* | 45 | #blacklist /usr/share/python2* |
44 | 46 | # | |
45 | # Python 3 | 47 | # Python 3 |
46 | blacklist /usr/bin/python3* | 48 | #blacklist /usr/bin/python3* |
47 | blacklist /usr/lib/python3* | 49 | #blacklist /usr/lib/python3* |
48 | blacklist /usr/local/lib/python3* | 50 | #blacklist /usr/local/lib/python3* |
49 | blacklist /usr/share/python3* | 51 | #blacklist /usr/share/python3* |
50 | blacklist /usr/include/python3* | 52 | #blacklist /usr/include/python3* |
51 | 53 | ||
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 171b4848c..4dff6fce8 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c | |||
@@ -729,9 +729,11 @@ void fs_basic_fs(void) { | |||
729 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); | 729 | printf("Mounting read-only /bin, /sbin, /lib, /lib32, /lib64, /usr"); |
730 | if (!arg_writable_etc) { | 730 | if (!arg_writable_etc) { |
731 | fs_rdonly("/etc"); | 731 | fs_rdonly("/etc"); |
732 | if (arg_debug) printf(", /etc"); | ||
732 | } | 733 | } |
733 | if (!arg_writable_var) { | 734 | if (!arg_writable_var) { |
734 | fs_rdonly("/var"); | 735 | fs_rdonly("/var"); |
736 | if (arg_debug) printf(", /var"); | ||
735 | } | 737 | } |
736 | if (arg_debug) printf("\n"); | 738 | if (arg_debug) printf("\n"); |
737 | fs_rdonly("/bin"); | 739 | fs_rdonly("/bin"); |