6 files changed, 51 insertions, 0 deletions

diff --git a/README.md b/README.md
index eb4a1c21b..6d244f8da 100644
--- a/README.md
+++ b/README.md
@@ -63,3 +63,18 @@ If you are using a plugin or extension that requires other directories, please o
 ### New security profiles:
 New profiles introduced in this version: unbound, dnscrypt-proxy
 
+### --noblacklist
+`````
+      --noblacklist=dirname_or_filename
+              Disable blacklist for this directory or file.
+
+              Example:
+              $ firejail
+              $ nc dict.org 2628
+              bash: /bin/nc: Permission denied
+              $ exit
+
+              $ firejail --noblacklist=/bin/nc
+              $ nc dict.org 2628
+              220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
+`````
diff --git a/RELNOTES b/RELNOTES
index 0513f72c7..90158583a 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.34) baseline; urgency=low
   * added  unbound and dnscrypt-proxy profiles
+  * added --noblacklist option
   * bugfixes
  -- netblue30 <netblue30@yahoo.com>  ongoing development
 
diff --git a/etc/disable-mgmt.inc b/etc/disable-mgmt.inc
index b01b326d4..ab9fe3cb1 100644
--- a/etc/disable-mgmt.inc
+++ b/etc/disable-mgmt.inc
@@ -12,6 +12,7 @@ blacklist ${PATH}/xinput
 blacklist ${PATH}/evtest
 blacklist ${PATH}/xev
 blacklist ${PATH}/strace
+blacklist ${PATH}/nc
 
 # Prevent manipulation of firejail configuration
 blacklist /etc/firejail
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 729b1805e..7f6d3a1f8 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -636,6 +636,14 @@ int main(int argc, char **argv) {
                         profile_check_line(line, 0);    // will exit if something wrong
                         profile_add(line);
                 }
+                else if (strncmp(argv[i], "--noblacklist=", 14) == 0) {
+                        char *line;
+                        if (asprintf(&line, "noblacklist %s", argv[i] + 14) == -1)
+                                errExit("asprintf");
+                        
+                        profile_check_line(line, 0);    // will exit if something wrong
+                        profile_add(line);
+                }
                 else if (strncmp(argv[i], "--whitelist=", 12) == 0) {
                         char *line;
                         if (asprintf(&line, "whitelist %s", argv[i] + 12) == -1)
diff --git a/src/firejail/usage.c b/src/firejail/usage.c
index 76c12ecc1..238205c04 100644
--- a/src/firejail/usage.c
+++ b/src/firejail/usage.c
@@ -140,6 +140,8 @@ void usage(void) {
 
         printf("\t--netstats - monitor network statistics for sandboxes creating a new\n");
         printf("\t\tnetwork namespace.\n\n");
+        printf("\t--noblacklist=dirname_or_filename - disable blacklist for directory\n");
+        printf("\t\tor file.\n\n");
         printf("\t--nogroups - disable supplementary groups. Without this option,\n");
         printf("\t\tsupplementary groups are enabled for the user starting the\n");
         printf("\t\tsandbox. For root user supplementary groups are always\n");
diff --git a/src/man/firejail.txt b/src/man/firejail.txt
index 912a08580..2a0c9eb47 100644
--- a/src/man/firejail.txt
+++ b/src/man/firejail.txt
@@ -608,6 +608,30 @@ PID  User    RX(KB/s) TX(KB/s) Command
 
 
 .TP
+\fB\-\-noblacklist=dirname_or_filename
+Disable blacklist for this directory or file.
+.br
+
+.br
+Example:
+.br
+$ firejail
+.br
+$ nc dict.org 2628
+.br
+bash: /bin/nc: Permission denied
+.br
+$ exit
+.br
+
+.br
+$ firejail --noblacklist=/bin/nc
+.br
+$ nc dict.org 2628
+.br
+220 pan.alephnull.com dictd 1.12.1/rf on Linux 3.14-1-amd64
+.br
+.TP
 \fB\-\-nogroups
 Disable supplementary groups. Without this option, supplementary groups are enabled for the user starting the
 sandbox. For root user supplementary groups are always disabled.