diff options
-rw-r--r-- | RELNOTES | 6 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | src/firejail/bandwidth.c | 5 | ||||
-rw-r--r-- | src/firejail/caps.c | 4 | ||||
-rw-r--r-- | src/firejail/firejail.h | 1 | ||||
-rw-r--r-- | src/firejail/fs_logger.c | 4 | ||||
-rw-r--r-- | src/firejail/join.c | 4 | ||||
-rw-r--r-- | src/firejail/main.c | 11 | ||||
-rw-r--r-- | src/firejail/network_main.c | 4 | ||||
-rw-r--r-- | src/firejail/profile.c | 4 | ||||
-rw-r--r-- | src/firejail/protocol.c | 4 | ||||
-rw-r--r-- | src/firejail/seccomp.c | 4 | ||||
-rw-r--r-- | src/firejail/shutdown.c | 4 | ||||
-rw-r--r-- | src/lib/common.c | 9 | ||||
-rw-r--r-- | src/man/firejail-profile.txt | 4 |
16 files changed, 32 insertions, 56 deletions
@@ -1,15 +1,15 @@ | |||
1 | firejail (0.9.40-rc1) baseline; urgency=low | 1 | firejail (0.9.39) baseline; urgency=low |
2 | * default seccomp filter update | 2 | * default seccomp filter update |
3 | * disable STUN/WebRTC in default netfilter configuration | 3 | * disable STUN/WebRTC in default netfilter configuration |
4 | * added --nice option | 4 | * added --nice option |
5 | * added --x11 option | 5 | * added --x11 option |
6 | * addded mkdir profile command | 6 | * addded mkdir and ipc-namespace profile commands |
7 | * --version also prints compile options | 7 | * --version also prints compile options |
8 | * added compile-time option to restrict --net= to root only | 8 | * added compile-time option to restrict --net= to root only |
9 | * build rpm packages using "make rpms" | 9 | * build rpm packages using "make rpms" |
10 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi | 10 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi |
11 | * bugfixes | 11 | * bugfixes |
12 | -- netblue30 <netblue30@yahoo.com> Wed, 28 Feb 2016 08:00:00 -0500 | 12 | -- netblue30 <netblue30@yahoo.com> Wed, 3 Mar 2016 08:00:00 -0500 |
13 | 13 | ||
14 | firejail (0.9.38) baseline; urgency=low | 14 | firejail (0.9.38) baseline; urgency=low |
15 | * IPv6 support (--ip6 and --netfilter6) | 15 | * IPv6 support (--ip6 and --netfilter6) |
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.40-rc1. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.39. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.40-rc1' | 583 | PACKAGE_VERSION='0.9.39' |
584 | PACKAGE_STRING='firejail 0.9.40-rc1' | 584 | PACKAGE_STRING='firejail 0.9.39' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='http://firejail.wordpress.com' | 586 | PACKAGE_URL='http://firejail.wordpress.com' |
587 | 587 | ||
@@ -1244,7 +1244,7 @@ if test "$ac_init_help" = "long"; then | |||
1244 | # Omit some internal or obsolete options to make the list less imposing. | 1244 | # Omit some internal or obsolete options to make the list less imposing. |
1245 | # This message is too long to be a string in the A/UX 3.1 sh. | 1245 | # This message is too long to be a string in the A/UX 3.1 sh. |
1246 | cat <<_ACEOF | 1246 | cat <<_ACEOF |
1247 | \`configure' configures firejail 0.9.40-rc1 to adapt to many kinds of systems. | 1247 | \`configure' configures firejail 0.9.39 to adapt to many kinds of systems. |
1248 | 1248 | ||
1249 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1249 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1250 | 1250 | ||
@@ -1305,7 +1305,7 @@ fi | |||
1305 | 1305 | ||
1306 | if test -n "$ac_init_help"; then | 1306 | if test -n "$ac_init_help"; then |
1307 | case $ac_init_help in | 1307 | case $ac_init_help in |
1308 | short | recursive ) echo "Configuration of firejail 0.9.40-rc1:";; | 1308 | short | recursive ) echo "Configuration of firejail 0.9.39:";; |
1309 | esac | 1309 | esac |
1310 | cat <<\_ACEOF | 1310 | cat <<\_ACEOF |
1311 | 1311 | ||
@@ -1400,7 +1400,7 @@ fi | |||
1400 | test -n "$ac_init_help" && exit $ac_status | 1400 | test -n "$ac_init_help" && exit $ac_status |
1401 | if $ac_init_version; then | 1401 | if $ac_init_version; then |
1402 | cat <<\_ACEOF | 1402 | cat <<\_ACEOF |
1403 | firejail configure 0.9.40-rc1 | 1403 | firejail configure 0.9.39 |
1404 | generated by GNU Autoconf 2.69 | 1404 | generated by GNU Autoconf 2.69 |
1405 | 1405 | ||
1406 | Copyright (C) 2012 Free Software Foundation, Inc. | 1406 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1702,7 +1702,7 @@ cat >config.log <<_ACEOF | |||
1702 | This file contains any messages produced by compilers while | 1702 | This file contains any messages produced by compilers while |
1703 | running configure, to aid debugging if configure makes a mistake. | 1703 | running configure, to aid debugging if configure makes a mistake. |
1704 | 1704 | ||
1705 | It was created by firejail $as_me 0.9.40-rc1, which was | 1705 | It was created by firejail $as_me 0.9.39, which was |
1706 | generated by GNU Autoconf 2.69. Invocation command line was | 1706 | generated by GNU Autoconf 2.69. Invocation command line was |
1707 | 1707 | ||
1708 | $ $0 $@ | 1708 | $ $0 $@ |
@@ -4168,7 +4168,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4168 | # report actual input values of CONFIG_FILES etc. instead of their | 4168 | # report actual input values of CONFIG_FILES etc. instead of their |
4169 | # values after options handling. | 4169 | # values after options handling. |
4170 | ac_log=" | 4170 | ac_log=" |
4171 | This file was extended by firejail $as_me 0.9.40-rc1, which was | 4171 | This file was extended by firejail $as_me 0.9.39, which was |
4172 | generated by GNU Autoconf 2.69. Invocation command line was | 4172 | generated by GNU Autoconf 2.69. Invocation command line was |
4173 | 4173 | ||
4174 | CONFIG_FILES = $CONFIG_FILES | 4174 | CONFIG_FILES = $CONFIG_FILES |
@@ -4222,7 +4222,7 @@ _ACEOF | |||
4222 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4222 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4223 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4223 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4224 | ac_cs_version="\\ | 4224 | ac_cs_version="\\ |
4225 | firejail config.status 0.9.40-rc1 | 4225 | firejail config.status 0.9.39 |
4226 | configured by $0, generated by GNU Autoconf 2.69, | 4226 | configured by $0, generated by GNU Autoconf 2.69, |
4227 | with options \\"\$ac_cs_config\\" | 4227 | with options \\"\$ac_cs_config\\" |
4228 | 4228 | ||
diff --git a/configure.ac b/configure.ac index b8d560c91..512159568 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.40-rc1, netblue30@yahoo.com, , http://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.39, netblue30@yahoo.com, , http://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||
diff --git a/src/firejail/bandwidth.c b/src/firejail/bandwidth.c index da894b321..0be23b9bc 100644 --- a/src/firejail/bandwidth.c +++ b/src/firejail/bandwidth.c | |||
@@ -364,10 +364,7 @@ void bandwidth_pid(pid_t pid, const char *command, const char *dev, int down, in | |||
364 | exit(1); | 364 | exit(1); |
365 | } | 365 | } |
366 | 366 | ||
367 | // remove \n and check for firejail sandbox | 367 | // check for firejail sandbox |
368 | char *ptr = strchr(comm, '\n'); | ||
369 | if (ptr) | ||
370 | *ptr = '\0'; | ||
371 | if (strcmp(comm, "firejail") != 0) { | 368 | if (strcmp(comm, "firejail") != 0) { |
372 | fprintf(stderr, "Error: cannot find sandbox\n"); | 369 | fprintf(stderr, "Error: cannot find sandbox\n"); |
373 | exit(1); | 370 | exit(1); |
diff --git a/src/firejail/caps.c b/src/firejail/caps.c index d623c5fd3..de7c93b48 100644 --- a/src/firejail/caps.c +++ b/src/firejail/caps.c | |||
@@ -419,10 +419,6 @@ void caps_print_filter(pid_t pid) { | |||
419 | // if the pid is that of a firejail process, use the pid of the first child process | 419 | // if the pid is that of a firejail process, use the pid of the first child process |
420 | char *comm = pid_proc_comm(pid); | 420 | char *comm = pid_proc_comm(pid); |
421 | if (comm) { | 421 | if (comm) { |
422 | // remove \n | ||
423 | char *ptr = strchr(comm, '\n'); | ||
424 | if (ptr) | ||
425 | *ptr = '\0'; | ||
426 | if (strcmp(comm, "firejail") == 0) { | 422 | if (strcmp(comm, "firejail") == 0) { |
427 | pid_t child; | 423 | pid_t child; |
428 | if (find_child(pid, &child) == 0) { | 424 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h index 1fcb92fea..3097a7a0e 100644 --- a/src/firejail/firejail.h +++ b/src/firejail/firejail.h | |||
@@ -241,6 +241,7 @@ extern int arg_quiet; // no output for scripting | |||
241 | extern int arg_join_network; // join only the network namespace | 241 | extern int arg_join_network; // join only the network namespace |
242 | extern int arg_join_filesystem; // join only the mount namespace | 242 | extern int arg_join_filesystem; // join only the mount namespace |
243 | extern int arg_nice; // nice value configured | 243 | extern int arg_nice; // nice value configured |
244 | extern int arg_ipc; // enable ipc namespace | ||
244 | 245 | ||
245 | extern int parent_to_child_fds[2]; | 246 | extern int parent_to_child_fds[2]; |
246 | extern int child_to_parent_fds[2]; | 247 | extern int child_to_parent_fds[2]; |
diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c index f803982d7..058bcc1c9 100644 --- a/src/firejail/fs_logger.c +++ b/src/firejail/fs_logger.c | |||
@@ -143,10 +143,6 @@ void fs_logger_print_log(pid_t pid) { | |||
143 | // if the pid is that of a firejail process, use the pid of the first child process | 143 | // if the pid is that of a firejail process, use the pid of the first child process |
144 | char *comm = pid_proc_comm(pid); | 144 | char *comm = pid_proc_comm(pid); |
145 | if (comm) { | 145 | if (comm) { |
146 | // remove \n | ||
147 | char *ptr = strchr(comm, '\n'); | ||
148 | if (ptr) | ||
149 | *ptr = '\0'; | ||
150 | if (strcmp(comm, "firejail") == 0) { | 146 | if (strcmp(comm, "firejail") == 0) { |
151 | pid_t child; | 147 | pid_t child; |
152 | if (find_child(pid, &child) == 0) { | 148 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/join.c b/src/firejail/join.c index 4cd315d90..21bb56e9d 100644 --- a/src/firejail/join.c +++ b/src/firejail/join.c | |||
@@ -202,10 +202,6 @@ void join(pid_t pid, const char *homedir, int argc, char **argv, int index) { | |||
202 | // if the pid is that of a firejail process, use the pid of the first child process | 202 | // if the pid is that of a firejail process, use the pid of the first child process |
203 | char *comm = pid_proc_comm(pid); | 203 | char *comm = pid_proc_comm(pid); |
204 | if (comm) { | 204 | if (comm) { |
205 | // remove \n | ||
206 | char *ptr = strchr(comm, '\n'); | ||
207 | if (ptr) | ||
208 | *ptr = '\0'; | ||
209 | if (strcmp(comm, "firejail") == 0) { | 205 | if (strcmp(comm, "firejail") == 0) { |
210 | pid_t child; | 206 | pid_t child; |
211 | if (find_child(pid, &child) == 0) { | 207 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/main.c b/src/firejail/main.c index c0050be1f..a9fe13c78 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c | |||
@@ -95,6 +95,7 @@ int arg_quiet = 0; // no output for scripting | |||
95 | int arg_join_network = 0; // join only the network namespace | 95 | int arg_join_network = 0; // join only the network namespace |
96 | int arg_join_filesystem = 0; // join only the mount namespace | 96 | int arg_join_filesystem = 0; // join only the mount namespace |
97 | int arg_nice = 0; // nice value configured | 97 | int arg_nice = 0; // nice value configured |
98 | int arg_ipc = 0; // enable ipc namespace | ||
98 | 99 | ||
99 | int parent_to_child_fds[2]; | 100 | int parent_to_child_fds[2]; |
100 | int child_to_parent_fds[2]; | 101 | int child_to_parent_fds[2]; |
@@ -551,7 +552,6 @@ int main(int argc, char **argv) { | |||
551 | int i; | 552 | int i; |
552 | int prog_index = -1; // index in argv where the program command starts | 553 | int prog_index = -1; // index in argv where the program command starts |
553 | int lockfd = -1; | 554 | int lockfd = -1; |
554 | int arg_ipc = 0; | ||
555 | int arg_cgroup = 0; | 555 | int arg_cgroup = 0; |
556 | int custom_profile = 0; // custom profile loaded | 556 | int custom_profile = 0; // custom profile loaded |
557 | char *custom_profile_dir = NULL; // custom profile directory | 557 | char *custom_profile_dir = NULL; // custom profile directory |
@@ -618,10 +618,6 @@ int main(int argc, char **argv) { | |||
618 | pid_t ppid = getppid(); | 618 | pid_t ppid = getppid(); |
619 | char *comm = pid_proc_comm(ppid); | 619 | char *comm = pid_proc_comm(ppid); |
620 | if (comm) { | 620 | if (comm) { |
621 | // remove \n | ||
622 | char *ptr = strchr(comm, '\n'); | ||
623 | if (ptr) | ||
624 | *ptr = '\0'; | ||
625 | if (strcmp(comm, "sshd") == 0) | 621 | if (strcmp(comm, "sshd") == 0) |
626 | parent_sshd = 1; | 622 | parent_sshd = 1; |
627 | free(comm); | 623 | free(comm); |
@@ -1619,8 +1615,11 @@ int main(int argc, char **argv) { | |||
1619 | 1615 | ||
1620 | // in root mode also enable CLONE_NEWIPC | 1616 | // in root mode also enable CLONE_NEWIPC |
1621 | // in user mode CLONE_NEWIPC will break MIT Shared Memory Extension (MIT-SHM) | 1617 | // in user mode CLONE_NEWIPC will break MIT Shared Memory Extension (MIT-SHM) |
1622 | if (getuid() == 0 || arg_ipc) | 1618 | if (getuid() == 0 || arg_ipc) { |
1623 | flags |= CLONE_NEWIPC; | 1619 | flags |= CLONE_NEWIPC; |
1620 | if (arg_debug) | ||
1621 | printf("Enabling IPC namespace\n"); | ||
1622 | } | ||
1624 | 1623 | ||
1625 | if (any_bridge_configured() || any_interface_configured() || arg_nonetwork) { | 1624 | if (any_bridge_configured() || any_interface_configured() || arg_nonetwork) { |
1626 | flags |= CLONE_NEWNET; | 1625 | flags |= CLONE_NEWNET; |
diff --git a/src/firejail/network_main.c b/src/firejail/network_main.c index 9ddd56dcd..3fb79b9f4 100644 --- a/src/firejail/network_main.c +++ b/src/firejail/network_main.c | |||
@@ -246,10 +246,6 @@ void net_dns_print(pid_t pid) { | |||
246 | // if the pid is that of a firejail process, use the pid of the first child process | 246 | // if the pid is that of a firejail process, use the pid of the first child process |
247 | char *comm = pid_proc_comm(pid); | 247 | char *comm = pid_proc_comm(pid); |
248 | if (comm) { | 248 | if (comm) { |
249 | // remove \n | ||
250 | char *ptr = strchr(comm, '\n'); | ||
251 | if (ptr) | ||
252 | *ptr = '\0'; | ||
253 | if (strcmp(comm, "firejail") == 0) { | 249 | if (strcmp(comm, "firejail") == 0) { |
254 | pid_t child; | 250 | pid_t child; |
255 | if (find_child(pid, &child) == 0) { | 251 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/profile.c b/src/firejail/profile.c index 8771a7fa8..28df9f03e 100644 --- a/src/firejail/profile.c +++ b/src/firejail/profile.c | |||
@@ -116,6 +116,10 @@ int profile_check_line(char *ptr, int lineno, const char *fname) { | |||
116 | } | 116 | } |
117 | return 0; | 117 | return 0; |
118 | } | 118 | } |
119 | else if (strcmp(ptr, "ipc-namespace") == 0) { | ||
120 | arg_ipc = 1; | ||
121 | return 0; | ||
122 | } | ||
119 | // seccomp, caps, private, user namespace | 123 | // seccomp, caps, private, user namespace |
120 | else if (strcmp(ptr, "noroot") == 0) { | 124 | else if (strcmp(ptr, "noroot") == 0) { |
121 | #if HAVE_USERNS | 125 | #if HAVE_USERNS |
diff --git a/src/firejail/protocol.c b/src/firejail/protocol.c index 24fbfc024..3e81f13dc 100644 --- a/src/firejail/protocol.c +++ b/src/firejail/protocol.c | |||
@@ -341,10 +341,6 @@ void protocol_print_filter(pid_t pid) { | |||
341 | // if the pid is that of a firejail process, use the pid of the first child process | 341 | // if the pid is that of a firejail process, use the pid of the first child process |
342 | char *comm = pid_proc_comm(pid); | 342 | char *comm = pid_proc_comm(pid); |
343 | if (comm) { | 343 | if (comm) { |
344 | // remove \n | ||
345 | char *ptr = strchr(comm, '\n'); | ||
346 | if (ptr) | ||
347 | *ptr = '\0'; | ||
348 | if (strcmp(comm, "firejail") == 0) { | 344 | if (strcmp(comm, "firejail") == 0) { |
349 | pid_t child; | 345 | pid_t child; |
350 | if (find_child(pid, &child) == 0) { | 346 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/seccomp.c b/src/firejail/seccomp.c index f9a9df211..a5a77abab 100644 --- a/src/firejail/seccomp.c +++ b/src/firejail/seccomp.c | |||
@@ -820,10 +820,6 @@ void seccomp_print_filter(pid_t pid) { | |||
820 | // if the pid is that of a firejail process, use the pid of the first child process | 820 | // if the pid is that of a firejail process, use the pid of the first child process |
821 | char *comm = pid_proc_comm(pid); | 821 | char *comm = pid_proc_comm(pid); |
822 | if (comm) { | 822 | if (comm) { |
823 | // remove \n | ||
824 | char *ptr = strchr(comm, '\n'); | ||
825 | if (ptr) | ||
826 | *ptr = '\0'; | ||
827 | if (strcmp(comm, "firejail") == 0) { | 823 | if (strcmp(comm, "firejail") == 0) { |
828 | pid_t child; | 824 | pid_t child; |
829 | if (find_child(pid, &child) == 0) { | 825 | if (find_child(pid, &child) == 0) { |
diff --git a/src/firejail/shutdown.c b/src/firejail/shutdown.c index c88683aaa..3671901d0 100644 --- a/src/firejail/shutdown.c +++ b/src/firejail/shutdown.c | |||
@@ -46,10 +46,6 @@ void shut(pid_t pid) { | |||
46 | // if the pid is that of a firejail process, use the pid of a child process inside the sandbox | 46 | // if the pid is that of a firejail process, use the pid of a child process inside the sandbox |
47 | char *comm = pid_proc_comm(pid); | 47 | char *comm = pid_proc_comm(pid); |
48 | if (comm) { | 48 | if (comm) { |
49 | // remove \n | ||
50 | char *ptr = strchr(comm, '\n'); | ||
51 | if (ptr) | ||
52 | *ptr = '\0'; | ||
53 | if (strcmp(comm, "firejail") == 0) { | 49 | if (strcmp(comm, "firejail") == 0) { |
54 | pid_t child; | 50 | pid_t child; |
55 | if (find_child(pid, &child) == 0) { | 51 | if (find_child(pid, &child) == 0) { |
diff --git a/src/lib/common.c b/src/lib/common.c index f321c5a47..fd3ab7071 100644 --- a/src/lib/common.c +++ b/src/lib/common.c | |||
@@ -84,10 +84,6 @@ int name2pid(const char *name, pid_t *pid) { | |||
84 | // check if this is a firejail executable | 84 | // check if this is a firejail executable |
85 | char *comm = pid_proc_comm(newpid); | 85 | char *comm = pid_proc_comm(newpid); |
86 | if (comm) { | 86 | if (comm) { |
87 | // remove \n | ||
88 | char *ptr = strchr(comm, '\n'); | ||
89 | if (ptr) | ||
90 | *ptr = '\0'; | ||
91 | if (strcmp(comm, "firejail")) { | 87 | if (strcmp(comm, "firejail")) { |
92 | free(comm); | 88 | free(comm); |
93 | continue; | 89 | continue; |
@@ -150,6 +146,11 @@ char *pid_proc_comm(const pid_t pid) { | |||
150 | buffer[len] = '\0'; | 146 | buffer[len] = '\0'; |
151 | close(fd); | 147 | close(fd); |
152 | 148 | ||
149 | // remove \n | ||
150 | char *ptr = strchr(buffer, '\n'); | ||
151 | if (ptr) | ||
152 | *ptr = '\0'; | ||
153 | |||
153 | // return a malloc copy of the command line | 154 | // return a malloc copy of the command line |
154 | char *rv = strdup((char *) buffer); | 155 | char *rv = strdup((char *) buffer); |
155 | if (strlen(rv) == 0) { | 156 | if (strlen(rv) == 0) { |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index b46958bd4..8897efc09 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
@@ -283,7 +283,9 @@ Disable supplementary user groups | |||
283 | .TP | 283 | .TP |
284 | \fBshell none | 284 | \fBshell none |
285 | Run the program directly, without a shell. | 285 | Run the program directly, without a shell. |
286 | 286 | .TP | |
287 | \fBipc-namespace | ||
288 | Enable IPC namespace. | ||
287 | .SH Networking | 289 | .SH Networking |
288 | Networking features available in profile files. | 290 | Networking features available in profile files. |
289 | 291 | ||