5 files changed, 33 insertions, 9 deletions
diff --git a/Makefile.in b/Makefile.in
index 026133cbb..d5c40ebb6 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -81,8 +81,10 @@ realinstall:
        install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/.
+ifeq ($(HAVE_GIT_INSTALL),-DHAVE_GIT_INSTALL)
        install -c -m 0755 src/fgit/fgit-install.sh $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fgit/fgit-uninstall.sh $(DESTDIR)/$(libdir)/firejail/.
+endif
        install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/.
        install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.
@@ -283,4 +285,4 @@ test-overlay:
 test-all: test-root test-chroot test-network test-appimage test-overlay
        echo "TEST COMPLETE"
-        
-\ No newline at end of file
+        
diff --git a/RELNOTES b/RELNOTES
index ac7d57f61..a82cf7212 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -29,11 +29,11 @@ firejail (0.9.46-rc1) baseline; urgency=low
  * feature: config support to disable access to /mnt and /media (disable-mnt)
  * feature: config support to disable join (join)
  * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
-  * new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,
+  * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
  * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
-  * new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
+  * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
  * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
  * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
  * new profiles: baloo_file
diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py
index 8027daa5b..3cc13b758 100755
--- a/contrib/fj-mkdeb.py
+++ b/contrib/fj-mkdeb.py
@@ -5,7 +5,7 @@
 import os, re, shlex, subprocess, sys
 def run(srcdir, args):
-  os.chdir(srcdir)
+  if srcdir: os.chdir(srcdir)
  dry_run=False
  escaped_args=[]
@@ -41,11 +41,34 @@ if __name__ == '__main__':
  if len(sys.argv) == 2 and sys.argv[1] == '--help':
    print('''Build a .deb of firejail with custom configure options
-usage: {script} [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
+usage:
+{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
+ --fj-src=SRCDIR: manually specify the location of firejail source tree
+                  as SRCDIR.  If not specified, looks in the parent directory
+                  of the directory where this script is located, and then the
+                  current working directory, in that order.
 --only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
 CONFIGURE_OPTIONS: arguments for configure
 '''.format(script=sys.argv[0]))
    sys.exit(0)
  else:
-    sys.exit(run(os.path.dirname(os.path.abspath(sys.argv[0]+'/..')), sys.argv[1:]))
+    # Find the source directory
+    srcdir=None
+    args=sys.argv[1:]
+    for a in args:
+      if a.startswith('--fj-src='):
+        args.remove(a)
+        srcdir=a[9:]
+        break
+    if not(srcdir):
+      # srcdir not manually specified, try to auto-detect
+      srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..'))
+      if not(os.path.isfile(srcdir+'/mkdeb.sh')):
+        # Script is probably installed.  Check the cwd.
+        if os.path.isfile('./mkdeb.sh'):
+          srcdir=None
+        else:
+          print('Error: Could not find the firejail source tree.  Exiting.')
+          sys.exit(1)
+    sys.exit(run(srcdir, args))
diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile
index d629d2c5d..499d64fb2 100644
--- a/etc/baloo_file.profile
+++ b/etc/baloo_file.profile
@@ -23,7 +23,7 @@ protocol unix
 # Baloo makes ioprio_set system calls, which are blacklisted by default.
 seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
-blacklist /tmp/.X11-unix
+x11 xorg
 private-dev
 private-tmp
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 3deeda960..11007051d 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -1153,8 +1153,7 @@ $ firejail \-\-overlay-tmpfs firefox
 .TP
 \fB\-\-overlay-clean
-Clean all overlays stored in $HOME/.firejail directory. Overlays created with --overlay-path=path
+Clean all overlays stored in $HOME/.firejail directory.
-outside $HOME/.firejail will not be deleted.
 .br
 .br

diff --git a/Makefile.in b/Makefile.in index 026133cbb..d5c40ebb6 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -81,8 +81,10 @@ realinstall:
81	install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/.	81	install -c -m 0644 src/libtracelog/libtracelog.so $(DESTDIR)/$(libdir)/firejail/.
82	install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/.	82	install -c -m 0755 src/ftee/ftee $(DESTDIR)/$(libdir)/firejail/.
83	install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/.	83	install -c -m 0755 src/fshaper/fshaper.sh $(DESTDIR)/$(libdir)/firejail/.
		84	ifeq ($(HAVE_GIT_INSTALL),-DHAVE_GIT_INSTALL)
84	install -c -m 0755 src/fgit/fgit-install.sh $(DESTDIR)/$(libdir)/firejail/.	85	install -c -m 0755 src/fgit/fgit-install.sh $(DESTDIR)/$(libdir)/firejail/.
85	install -c -m 0755 src/fgit/fgit-uninstall.sh $(DESTDIR)/$(libdir)/firejail/.	86	install -c -m 0755 src/fgit/fgit-uninstall.sh $(DESTDIR)/$(libdir)/firejail/.
		87	endif
86	install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.	88	install -c -m 0644 src/firecfg/firecfg.config $(DESTDIR)/$(libdir)/firejail/.
87	install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/.	89	install -c -m 0755 src/faudit/faudit $(DESTDIR)/$(libdir)/firejail/.
88	install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.	90	install -c -m 0755 src/fnet/fnet $(DESTDIR)/$(libdir)/firejail/.
@@ -283,4 +285,4 @@ test-overlay:
283		285
284	test-all: test-root test-chroot test-network test-appimage test-overlay	286	test-all: test-root test-chroot test-network test-appimage test-overlay
285	echo "TEST COMPLETE"	287	echo "TEST COMPLETE"
286	\ No newline at end of file	288


diff --git a/RELNOTES b/RELNOTES index ac7d57f61..a82cf7212 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -29,11 +29,11 @@ firejail (0.9.46-rc1) baseline; urgency=low
29	* feature: config support to disable access to /mnt and /media (disable-mnt)	29	* feature: config support to disable access to /mnt and /media (disable-mnt)
30	* feature: config support to disable join (join)	30	* feature: config support to disable join (join)
31	* feature: disabled Go, Rust, and OpenSSL in disable-devel.conf	31	* feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
32	* new profiles: xiphos, Tor Browser Bundle, display (imagemagik), Wire,	32	* new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
33	* new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,	33	* new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
34	* new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,	34	* new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
35	* new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,	35	* new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
36	* new profies: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,	36	* new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
37	* new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,	37	* new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
38	* new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,	38	* new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
39	* new profiles: baloo_file	39	* new profiles: baloo_file


diff --git a/contrib/fj-mkdeb.py b/contrib/fj-mkdeb.py index 8027daa5b..3cc13b758 100755 --- a/contrib/fj-mkdeb.py +++ b/contrib/fj-mkdeb.py
@@ -5,7 +5,7 @@
5	import os, re, shlex, subprocess, sys	5	import os, re, shlex, subprocess, sys
6		6
7	def run(srcdir, args):	7	def run(srcdir, args):
8	os.chdir(srcdir)	8	if srcdir: os.chdir(srcdir)
9		9
10	dry_run=False	10	dry_run=False
11	escaped_args=[]	11	escaped_args=[]
@@ -41,11 +41,34 @@ if __name__ == '__main__':
41	if len(sys.argv) == 2 and sys.argv[1] == '--help':	41	if len(sys.argv) == 2 and sys.argv[1] == '--help':
42	print('''Build a .deb of firejail with custom configure options	42	print('''Build a .deb of firejail with custom configure options
43		43
44	usage: {script} [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]	44	usage:
		45	{script} [--fj-src=SRCDIR] [--only-fix-mkdeb] [CONFIGURE_OPTIONS [...]]
45		46
		47	--fj-src=SRCDIR: manually specify the location of firejail source tree
		48	as SRCDIR. If not specified, looks in the parent directory
		49	of the directory where this script is located, and then the
		50	current working directory, in that order.
46	--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh	51	--only-fix-mkdeb: don't run configure or make after modifying mkdeb.sh
47	CONFIGURE_OPTIONS: arguments for configure	52	CONFIGURE_OPTIONS: arguments for configure
48	'''.format(script=sys.argv[0]))	53	'''.format(script=sys.argv[0]))
49	sys.exit(0)	54	sys.exit(0)
50	else:	55	else:
51	sys.exit(run(os.path.dirname(os.path.abspath(sys.argv[0]+'/..')), sys.argv[1:]))	56	# Find the source directory
		57	srcdir=None
		58	args=sys.argv[1:]
		59	for a in args:
		60	if a.startswith('--fj-src='):
		61	args.remove(a)
		62	srcdir=a[9:]
		63	break
		64	if not(srcdir):
		65	# srcdir not manually specified, try to auto-detect
		66	srcdir=os.path.dirname(os.path.abspath(sys.argv[0]+'/..'))
		67	if not(os.path.isfile(srcdir+'/mkdeb.sh')):
		68	# Script is probably installed. Check the cwd.
		69	if os.path.isfile('./mkdeb.sh'):
		70	srcdir=None
		71	else:
		72	print('Error: Could not find the firejail source tree. Exiting.')
		73	sys.exit(1)
		74	sys.exit(run(srcdir, args))


diff --git a/etc/baloo_file.profile b/etc/baloo_file.profile index d629d2c5d..499d64fb2 100644 --- a/etc/baloo_file.profile +++ b/etc/baloo_file.profile
@@ -23,7 +23,7 @@ protocol unix
23	# Baloo makes ioprio_set system calls, which are blacklisted by default.	23	# Baloo makes ioprio_set system calls, which are blacklisted by default.
24	seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old	24	seccomp.drop mount,umount2,ptrace,kexec_load,kexec_file_load,name_to_handle_at,open_by_handle_at,create_module,init_module,finit_module,delete_module,iopl,ioperm,swapon,swapoff,syslog,process_vm_readv,process_vm_writev,sysfs,_sysctl,adjtimex,clock_adjtime,lookup_dcookie,perf_event_open,fanotify_init,kcmp,add_key,request_key,keyctl,uselib,acct,modify_ldt,pivot_root,io_setup,io_destroy,io_getevents,io_submit,io_cancel,remap_file_pages,mbind,get_mempolicy,set_mempolicy,migrate_pages,move_pages,vmsplice,chroot,tuxcall,reboot,mfsservctl,get_kernel_syms,bpf,clock_settime,personality,process_vm_writev,query_module,settimeofday,stime,umount,userfaultfd,ustat,vm86,vm86old
25		25
26	blacklist /tmp/.X11-unix	26	x11 xorg
27		27
28	private-dev	28	private-dev
29	private-tmp	29	private-tmp


diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 3deeda960..11007051d 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt
@@ -1153,8 +1153,7 @@ $ firejail \-\-overlay-tmpfs firefox
1153		1153
1154	.TP	1154	.TP
1155	\fB\-\-overlay-clean	1155	\fB\-\-overlay-clean
1156	Clean all overlays stored in $HOME/.firejail directory. Overlays created with --overlay-path=path	1156	Clean all overlays stored in $HOME/.firejail directory.
1157	outside $HOME/.firejail will not be deleted.
1158	.br	1157	.br
1159		1158
1160	.br	1159	.br