-rw-r--r-- | README | 1 | ||||
-rwxr-xr-x | configure | 2 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | etc/discord-common.profile | 2 | ||||
-rw-r--r-- | etc/evince.profile | 2 | ||||
-rw-r--r-- | etc/firejail-default | 3 | ||||
-rw-r--r-- | src/firejail/fs_whitelist.c | 2 |
7 files changed, 9 insertions, 5 deletions
@@ -660,6 +660,7 @@ veloute (https://github.com/veloute) | |||
660 | - added standardnotes profile | 660 | - added standardnotes profile |
661 | - added flameshot profile | 661 | - added flameshot profile |
662 | - added jdownloader profile | 662 | - added jdownloader profile |
663 | - fixed discord profile | ||
663 | Vincent43 (https://github.com/Vincent43) | 664 | Vincent43 (https://github.com/Vincent43) |
664 | - apparmor enhancements | 665 | - apparmor enhancements |
665 | vismir2 (https://github.com/vismir2) | 666 | vismir2 (https://github.com/vismir2) |
@@ -3832,7 +3832,7 @@ fi | |||
3832 | 3832 | ||
3833 | # set sysconfdir | 3833 | # set sysconfdir |
3834 | if test "$prefix" = /usr; then | 3834 | if test "$prefix" = /usr; then |
3835 | sysconfdir="/etc" | 3835 | test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc" |
3836 | fi | 3836 | fi |
3837 | 3837 | ||
3838 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" | 3838 | ac_config_files="$ac_config_files Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile src/firemon/Makefile src/libtrace/Makefile src/libtracelog/Makefile src/firecfg/Makefile src/fbuilder/Makefile src/fsec-print/Makefile src/ftee/Makefile src/faudit/Makefile src/fseccomp/Makefile src/fldd/Makefile src/libpostexecseccomp/Makefile src/fsec-optimize/Makefile" |
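--- a/configure.ac
+++ b/configure.ac
@@ -183,7 +183,7 @@ AC_SUBST(HAVE_SECCOMP_H)
 
 # set sysconfdir
 if test "$prefix" = /usr; then
-sysconfdir="/etc"
+test "$sysconfdir" = '${prefix}/etc' && sysconfdir="/etc"
 fi
 
 AC_OUTPUT(Makefile src/common.mk src/lib/Makefile src/fcopy/Makefile src/fnet/Makefile src/firejail/Makefile src/fnetfilter/Makefile \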
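Review bot: The single-quoted `'${prefix}/etc'` on the changed line reads like a quoting mistake and has no comment saying it is deliberate. It compares against the unexpanded default that autoconf assigns to sysconfdir, so an explicit --sysconfdir is kept and only the default is redirected to /etc. I would add `# override only the autoconf default; keep a user-supplied --sysconfdir` above the line. The identical line in the generated configure should come from regenerating it from this file rather than from a hand edit, so the two cannot drift.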
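--- a/etc/discord-common.profile
+++ b/etc/discord-common.profile
@@ -26,7 +26,7 @@ seccomp
 
 private-bin sh,xdg-mime,tr,sed,echo,head,cut,xdg-open,grep,egrep,bash,zsh
 private-dev
-private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies
+private-etc fonts,machine-id,localtime,ld.so.cache,ca-certificates,ssl,pki,crypto-policies,resolv.conf
 private-tmp
 
 noexec ${HOME}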
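--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -40,7 +40,7 @@ private-bin evince,evince-previewer,evince-thumbnailer
 private-dev
 private-etc fonts
 
-private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*
+private-lib evince,gdk-pixbuf-2.*,gio,gvfs/libgvfscommon.so,libdjvulibre.so.*,libgconf-2.so.*,libpoppler-glib.so.*,librsvg-2.so.*,gconv
 
 private-tmp
 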
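--- a/etc/firejail-default
+++ b/etc/firejail-default
@@ -47,6 +47,9 @@ owner /{,run/firejail/mnt/oroot/}{,var/}run/user/[0-9]*/orcexec.* w,
 
 owner /{,run/firejail/mnt/oroot/}{run,dev}/shm/** w,
 
+# Allow writing to removable media
+owner /{,var/}run/media/** w,
+
 # Allow logging Firejail blacklist violations to journal
 /{,var/}run/systemd/journal/socket w,
 /{,var/}run/systemd/journal/dev-log w,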
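Review bot: The new `owner /{,var/}run/media/** w,` rule is in the shared default AppArmor profile, so it grants write access under /run/media to every sandbox confined by that profile, and the one-line comment does not say so. On filesystems that carry no Unix ownership (vfat or exfat mounted with a uid option, for example) every file appears owned by the mounting user, so the `owner` qualifier narrows little there. I would expand the comment to something like `# Allow writing to removable media under /run/media for all sandboxes using this profile; restrict per application with blacklist or read-only in the firejail profile`.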
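--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -430,7 +430,7 @@ void fs_whitelist(void) {
 
 // if 1 the file was not found; mount an empty directory
 if (!nowhitelist_flag) {
-if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0) {
+if (strncmp(new_name, cfg.homedir, strlen(cfg.homedir)) == 0 && new_name[strlen(cfg.homedir)] == '/') {
 if(!arg_private)
 home_dir = 1;
 }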
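Review bot: The changed condition evaluates `strlen(cfg.homedir)` twice and carries no comment explaining why the byte after the prefix must be `/`. I would hoist the length, `size_t homelen = strlen(cfg.homedir);`, and add `// require a separator after the prefix so /home/user does not match /home/user2` (paths constructed for illustration). The condition also no longer matches when new_name equals cfg.homedir exactly, since the next byte is then the terminator. If whitelisting the home directory itself should still set home_dir, it needs `|| new_name[homelen] == '\0'`, though that case may be handled earlier in fs_whitelist(), which starts and ends outside the hunk. Any other prefix comparisons in that function that are not visible here would deserve the same boundary check.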