-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 79 | ||||
-rw-r--r-- | RELNOTES | 6 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 |
5 files changed, 40 insertions, 66 deletions
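--- a/README
+++ b/README
@@ -838,6 +838,7 @@ PizzaDude (https://github.com/pizzadude)
 - added profile for torbrowser-launcher
 - added profile for sayonara and qmmp
 - remove tracelog from Firefox profile
+- fix welcome.sh
 polyzen (https://github.com/polyzen)
 - fixed wusc issue with mpv/Vulkan
 probonopd (https://github.com/probonopd)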
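--- a/README.md
+++ b/README.md
@@ -207,43 +207,12 @@ You can also use this tool to get a list of syscalls needed by a program: [contr
 
 We also keep a list of profile fixes for previous released versions in [etc-fixes](https://github.com/netblue30/firejail/tree/master/etc-fixes) directory.
 
-## Latest released version: 0.9.68
+## Latest released version: 0.9.70
 
-## Current development version: 0.9.69
+## Current development version: 0.9.71
 
 Milestone page: https://github.com/netblue30/firejail/milestone/1
 
-### Shell tab completion
-```
---tab Enable shell tab completion in sandboxes using private or whitelisted
-home directories.
-
-$ firejail --private --tab
-```
-
-### Kernel OutOfMemory-killer
-`````
---oom=value
-Configure kernel's OutOfMemory-killer score for this sandbox.
-The acceptable score values are between 0 and 1000 for regular
-users, and -1000 to 1000 for root. For more information on OOM
-kernel feature see man choom.
-
-Example:
-$ firejail --oom=300 firefox
-`````
-
-### Guided configuration
-`````
-$ man firecfg
-[...]
---guide
-Guided configuration for new users.
-
-Example:
-$ sudo firecfg --guide
-`````
-
 ### Profile Statistics
 
 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
@@ -254,30 +223,30 @@ No include .local found in /etc/firejail/noprofile.profile
 Warning: multiple caps in /etc/firejail/transmission-daemon.profile
 
 Stats:
-profiles 1184
+profiles 1191
-include local profile 1183 (include profile-name.local)
+include local profile 1190 (include profile-name.local)
-include globals 1152 (include globals.local)
+include globals 1164 (include globals.local)
-blacklist ~/.ssh 1057 (include disable-common.inc)
+blacklist ~/.ssh 1063 (include disable-common.inc)
-seccomp 1076
+seccomp 1082
-capabilities 1178
+capabilities 1185
-noexec 1064 (include disable-exec.inc)
+noexec 1070 (include disable-exec.inc)
-noroot 985
+noroot 991
-memory-deny-write-execute 259
+memory-deny-write-execute 267
-apparmor 707
+apparmor 710
-private-bin 686
+private-bin 689
-private-dev 1040
+private-dev 1041
-private-etc 537
+private-etc 539
-private-tmp 911
+private-tmp 915
-whitelist home directory 567
+whitelist home directory 573
-whitelist var 849 (include whitelist-var-common.inc)
+whitelist var 855 (include whitelist-var-common.inc)
-whitelist run/user 1153 (include whitelist-runuser-common.inc
+whitelist run/user 1159 (include whitelist-runuser-common.inc
 or blacklist ${RUNUSER})
-whitelist usr/share 621 (include whitelist-usr-share-common.inc
+whitelist usr/share 628 (include whitelist-usr-share-common.inc
 net none 403
-dbus-user none 670
+dbus-user none 673
-dbus-user filter 114
+dbus-user filter 122
-dbus-system none 824
+dbus-system none 832
-dbus-system filter 10
+dbus-system filter 12
 ```
 
 ### New profiles: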
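--- a/RELNOTES
+++ b/RELNOTES
@@ -1,3 +1,7 @@
+firejail (0.9.71) baseline; urgency=low
+* work in progress
+-- netblue30 <netblue30@yahoo.com> Sat, 11 Jun 2022 09:00:00 -0500
+
 firejail (0.9.70) baseline; urgency=low
 * security: CVE-2022-31214 - root escalation in --join logic
 Reported by Matthias Gerstner, working exploit code was provided to our
@@ -34,7 +38,7 @@ firejail (0.9.70) baseline; urgency=low
 * new profiles: onionshare, onionshare-cli, opera-developer, songrec
 * new profiles: node-gyp, npx, semver, ping-hardened
 * removed profiles: nvm
--- netblue30 <netblue30@yahoo.com> Mon, 7 Feb 2022 09:00:00 -0500
+-- netblue30 <netblue30@yahoo.com> Thu, 9 Jun 2022 09:00:00 -0500
 
 firejail (0.9.68) baseline; urgency=low
 * security: on Ubuntu, the PPA is now recommended over the distro package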
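--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.70.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.71.
 #
 # Report bugs to <netblue30@protonmail.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.70'
+PACKAGE_VERSION='0.9.71'
-PACKAGE_STRING='firejail 0.9.70'
+PACKAGE_STRING='firejail 0.9.71'
 PACKAGE_BUGREPORT='netblue30@protonmail.com'
 PACKAGE_URL='https://firejail.wordpress.com'
 
@@ -1298,7 +1298,7 @@ if test "$ac_init_help" = "long"; then
 # Omit some internal or obsolete options to make the list less imposing.
 # This message is too long to be a string in the A/UX 3.1 sh.
 cat <<_ACEOF
-\`configure' configures firejail 0.9.70 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.71 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1360,7 +1360,7 @@ fi
 
 if test -n "$ac_init_help"; then
 case $ac_init_help in
-short | recursive ) echo "Configuration of firejail 0.9.70:";;
+short | recursive ) echo "Configuration of firejail 0.9.71:";;
 esac
 cat <<\_ACEOF
 
@@ -1484,7 +1484,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
 cat <<\_ACEOF
-firejail configure 0.9.70
+firejail configure 0.9.71
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1740,7 +1740,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.70, which was
+It was created by firejail $as_me 0.9.71, which was
 generated by GNU Autoconf 2.69. Invocation command line was
 
 $ $0 $@
@@ -4631,7 +4631,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.70, which was
+This file was extended by firejail $as_me 0.9.71, which was
 generated by GNU Autoconf 2.69. Invocation command line was
 
 CONFIG_FILES = $CONFIG_FILES
@@ -4685,7 +4685,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.70
+firejail config.status 0.9.71
 configured by $0, generated by GNU Autoconf 2.69,
 with options \\"\$ac_cs_config\\"
 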
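--- a/configure.ac
+++ b/configure.ac
@@ -12,7 +12,7 @@
 #
 
 AC_PREREQ([2.68])
-AC_INIT([firejail], [0.9.70], [netblue30@protonmail.com], [],
+AC_INIT([firejail], [0.9.71], [netblue30@protonmail.com], [],
 [https://firejail.wordpress.com])
 
 AC_CONFIG_SRCDIR([src/firejail/main.c])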
18 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 18 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |