4 files changed, 7 insertions, 5 deletions

diff --git a/RELNOTES b/RELNOTES
index 0f1dc1ff6..dfdf1d909 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -25,6 +25,7 @@ firejail (0.9.72) baseline; urgency=low
   * modif: disabled tracelog by default in /etc/firejail/firejail.config
     (#5190)
   * modif: removed grsecurity support
+  * modif: disabled whitelisting for /dev directory
   * bugfix: Flood of seccomp audit log entries (#5207)
   * bugfix: --netlock does not work (Error: no valid sandbox) (#5312)
   * build: deduplicate configure-time vars into new config files (#5140 #5284)
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 39c81312c..4320ae4fc 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -3040,7 +3040,7 @@ $ firejail \-\-net=br0 --veth-name=if0
 Whitelist directory or file. A temporary file system is mounted on the top directory, and the
 whitelisted files are mount-binded inside. Modifications to whitelisted files are persistent,
 everything else is discarded when the sandbox is closed. The top directory can be
-all directories in / (except /proc and /sys), /sys/module, /run/user/$UID, $HOME and
+all directories in / (except /dev, /proc and /sys), /sys/module, /run/user/$UID, $HOME and
 all directories in /usr.
 .br
 
@@ -3064,7 +3064,7 @@ Example:
 .br
 $ firejail \-\-noprofile \-\-whitelist=~/.mozilla
 .br
-$ firejail \-\-whitelist=/tmp/.X11-unix --whitelist=/dev/null
+$ firejail \-\-whitelist=/tmp/.X11-unix
 .br
 $ firejail "\-\-whitelist=/home/username/My Virtual Machines"
 .br
diff --git a/test/fs/fs.sh b/test/fs/fs.sh
index 677b753fc..7c8573661 100755
--- a/test/fs/fs.sh
+++ b/test/fs/fs.sh
@@ -142,8 +142,9 @@ echo "TESTING: whitelist (test/fs/whitelist.exp)"
 ./whitelist.exp
 rm -fr ~/_firejail_test_*
 
-echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)"
-./whitelist-dev.exp
+# TODO: whitelist /dev broken in 0.9.72
+#echo "TESTING: whitelist dev, var(test/fs/whitelist-dev.exp)"
+#./whitelist-dev.exp
 
 echo "TESTING: whitelist noexec (test/fs/whitelist-noexec.exp)"
 ./whitelist-noexec.exp
diff --git a/test/fs/whitelist-empty.exp b/test/fs/whitelist-empty.exp
index 18d4561d6..fc860f219 100755
--- a/test/fs/whitelist-empty.exp
+++ b/test/fs/whitelist-empty.exp
@@ -7,7 +7,7 @@ set timeout 30
 spawn $env(SHELL)
 match_max 100000
 
-send -- "firejail --whitelist=~/blablabla --whitelist=/tmp/blablabla --whitelist=/media/blablabla --whitelist=/var/blablabla --whitelist=/dev/blablabla --whitelist=/opt/blablabla\r"
+send -- "firejail --whitelist=~/blablabla --whitelist=/tmp/blablabla --whitelist=/media/blablabla --whitelist=/var/blablabla --whitelist=/opt/blablabla\r"
 expect {
         timeout {puts "TESTING ERROR 0\n";exit}
         -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms"