diff options
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 44 | ||||
-rw-r--r-- | etc/profile-a-l/kmail.profile | 2 |
3 files changed, 27 insertions, 20 deletions
@@ -525,6 +525,7 @@ KOLANICH (https://github.com/KOLANICH) | |||
525 | - fix meld | 525 | - fix meld |
526 | kortewegdevries (https://github.com/kortewegdevries) | 526 | kortewegdevries (https://github.com/kortewegdevries) |
527 | - a whole bunch of new profiles and fixes | 527 | - a whole bunch of new profiles and fixes |
528 | - whitelisting evolution, kmail | ||
528 | Kristóf Marussy (https://github.com/kris7t) | 529 | Kristóf Marussy (https://github.com/kris7t) |
529 | - dns support | 530 | - dns support |
530 | Kunal Mehta (https://github.com/legoktm) | 531 | Kunal Mehta (https://github.com/legoktm) |
@@ -158,36 +158,42 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
158 | 158 | ||
159 | ## Current development version: 0.9.65 | 159 | ## Current development version: 0.9.65 |
160 | 160 | ||
161 | Milestone page: https://github.com/netblue30/firejail/milestone/1 | ||
162 | Release discussion: https://github.com/netblue30/firejail/issues/3696 | ||
163 | |||
164 | |||
165 | |||
161 | ### Profile Statistics | 166 | ### Profile Statistics |
162 | 167 | ||
163 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: | 168 | A small tool to print profile statistics. Compile as usual and run in /etc/profiles: |
164 | ````` | 169 | ````` |
170 | $ sudo cp src/prfostats/profstats /etc/firejail/. | ||
171 | $ cd /etc/firejail | ||
165 | $ ./profstats *.profile | 172 | $ ./profstats *.profile |
166 | Warning: multiple caps in transmission-daemon.profile | 173 | Warning: multiple caps in transmission-daemon.profile |
167 | 174 | ||
168 | Stats: | 175 | Stats: |
169 | profiles 1029 | 176 | profiles 1031 |
170 | include local profile 1029 (include profile-name.local) | 177 | include local profile 1031 (include profile-name.local) |
171 | include globals 1029 (include globals.local) | 178 | include globals 1031 (include globals.local) |
172 | blacklist ~/.ssh 1005 (include disable-common.inc) | 179 | blacklist ~/.ssh 1007 (include disable-common.inc) |
173 | seccomp 975 | 180 | seccomp 976 |
174 | capabilities 1028 | 181 | capabilities 1030 |
175 | noexec 899 (include disable-exec.inc) | 182 | noexec 901 (include disable-exec.inc) |
176 | memory-deny-write-execute 220 | 183 | memory-deny-write-execute 221 |
177 | apparmor 549 | 184 | apparmor 555 |
178 | private-bin 542 | 185 | private-bin 544 |
179 | private-dev 897 | 186 | private-dev 897 |
180 | private-etc 431 | 187 | private-etc 435 |
181 | private-tmp 784 | 188 | private-tmp 785 |
182 | whitelist home directory 469 | 189 | whitelist home directory 474 |
183 | whitelist var 695 (include whitelist-var-common.inc) | 190 | whitelist var 699 (include whitelist-var-common.inc) |
184 | whitelist run/user 334 (include whitelist-runuser-common.inc | 191 | whitelist run/user 336 (include whitelist-runuser-common.inc |
185 | or blacklist ${RUNUSER}) | 192 | or blacklist ${RUNUSER}) |
186 | whitelist usr/share 354 (include whitelist-usr-share-common.inc | 193 | whitelist usr/share 359 (include whitelist-usr-share-common.inc |
187 | net none 332 | 194 | net none 333 |
188 | dbus-user none 523 | 195 | dbus-user none 523 |
189 | dbus-system none 627 | 196 | dbus-system none 632 |
190 | ````` | ||
191 | 197 | ||
192 | ### New profiles: | 198 | ### New profiles: |
193 | 199 | ||
diff --git a/etc/profile-a-l/kmail.profile b/etc/profile-a-l/kmail.profile index 43060dd61..8d99da3cf 100644 --- a/etc/profile-a-l/kmail.profile +++ b/etc/profile-a-l/kmail.profile | |||
@@ -104,7 +104,7 @@ whitelist /usr/share/qlogging-categories5 | |||
104 | whitelist /var/mail | 104 | whitelist /var/mail |
105 | whitelist /var/spool/mail | 105 | whitelist /var/spool/mail |
106 | include whitelist-common.inc | 106 | include whitelist-common.inc |
107 | include whitelist-runnuser-common.inc | 107 | include whitelist-runuser-common.inc |
108 | include whitelist-usr-share-common.inc | 108 | include whitelist-usr-share-common.inc |
109 | include whitelist-var-common.inc | 109 | include whitelist-var-common.inc |
110 | 110 | ||