diff options
| -rw-r--r-- | README | 2 | ||||
| -rw-r--r-- | README.md | 9 | ||||
| -rw-r--r-- | RELNOTES | 2 | ||||
| -rw-r--r-- | src/man/firejail.txt | 7 |
4 files changed, 19 insertions, 1 deletions
| @@ -442,6 +442,8 @@ Tomasz Jan Góralczyk (https://github.com/tjg) | |||
| 442 | - fixed Steam profile | 442 | - fixed Steam profile |
| 443 | Topi Miettinen (https://github.com/topimiettinen) | 443 | Topi Miettinen (https://github.com/topimiettinen) |
| 444 | - improve mount handling, fix /run/user handling | 444 | - improve mount handling, fix /run/user handling |
| 445 | - /proc/sys can be nosuid,noexec,nodev | ||
| 446 | - seccomp default list update | ||
| 445 | valoq (https://github.com/valoq) | 447 | valoq (https://github.com/valoq) |
| 446 | - lots of profile fixes | 448 | - lots of profile fixes |
| 447 | - added support for /srv in --whitelist feature | 449 | - added support for /srv in --whitelist feature |
| @@ -114,6 +114,15 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir | |||
| 114 | fox | 114 | fox |
| 115 | ````` | 115 | ````` |
| 116 | 116 | ||
| 117 | ## Default seccomp list update | ||
| 118 | |||
| 119 | The following syscalls have been added: | ||
| 120 | afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, | ||
| 121 | pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, | ||
| 122 | security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, | ||
| 123 | ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted by default. | ||
| 124 | |||
| 125 | |||
| 117 | 126 | ||
| 118 | ## New profiles: | 127 | ## New profiles: |
| 119 | 128 | ||
| @@ -2,6 +2,8 @@ firejail (0.9.49) baseline; urgency=low | |||
| 2 | * work in progress! | 2 | * work in progress! |
| 3 | * feature: per-profile disable-mnt (--disable-mnt) | 3 | * feature: per-profile disable-mnt (--disable-mnt) |
| 4 | * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) | 4 | * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) |
| 5 | * enhancement: /proc/sys mounting | ||
| 6 | * enhancement: default seccomp list update | ||
| 5 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, | 7 | * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, |
| 6 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, | 8 | * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, |
| 7 | * new profiles: Android Studio | 9 | * new profiles: Android Studio |
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3253ae8bb..cd47800c5 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -1458,7 +1458,12 @@ remap_file_pages, mbind, get_mempolicy, set_mempolicy, | |||
| 1458 | migrate_pages, move_pages, vmsplice, chroot, | 1458 | migrate_pages, move_pages, vmsplice, chroot, |
| 1459 | tuxcall, reboot, mfsservctl, get_kernel_syms, | 1459 | tuxcall, reboot, mfsservctl, get_kernel_syms, |
| 1460 | bpf, clock_settime, personality, process_vm_writev, query_module, | 1460 | bpf, clock_settime, personality, process_vm_writev, query_module, |
| 1461 | settimeofday, stime, umount, userfaultfd, ustat, vm86, and vm86old | 1461 | settimeofday, stime, umount, userfaultfd, ustat, vm86, vm86old, |
| 1462 | afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, | ||
| 1463 | pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, | ||
| 1464 | security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, | ||
| 1465 | ulimit, vhangup and vserver | ||
| 1466 | |||
| 1462 | .br | 1467 | .br |
| 1463 | 1468 | ||
| 1464 | .br | 1469 | .br |