2 files changed, 11 insertions, 24 deletions

diff --git a/RELNOTES b/RELNOTES
index 2bab5ddc2..fe871134b 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,6 +1,10 @@
 firejail (0.9.53) baseline; urgency=low
   * work in progress
   * seccomp syscall list update for glibc 2.26-10
+  * IPv6 DNS support
+  * whitelist support for overlay and chroot sandboxes
+  * private-dev support for overlay and chroot sandboxes
+  * private-tmp support for overlay and chroot sandboxes
   * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, discord-canary
   * new profiles: pycharm-community, pycharm-professional
  -- netblue30 <netblue30@yahoo.com>  Tue, 12 Dec 2017 08:00:00 -0500
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c
index ed0a253b3..47bb94a52 100644
--- a/src/firejail/sandbox.c
+++ b/src/firejail/sandbox.c
@@ -763,14 +763,8 @@ int sandbox(void* sandbox_arg) {
                         fs_private();
         }
 
-        if (arg_private_dev) {
-                if (cfg.chrootdir)
-                        fwarning("private-dev feature is disabled in chroot\n");
-                else if (arg_overlay)
-                        fwarning("private-dev feature is disabled in overlay\n");
-                else
-                        fs_private_dev();
-        }
+        if (arg_private_dev)
+                fs_private_dev();
 
         if (arg_private_etc) {
                 if (cfg.chrootdir)
@@ -835,16 +829,10 @@ int sandbox(void* sandbox_arg) {
         }
 
         if (arg_private_tmp) {
-                if (cfg.chrootdir)
-                        fwarning("private-tmp feature is disabled in chroot\n");
-                else if (arg_overlay)
-                        fwarning("private-tmp feature is disabled in overlay\n");
-                else {
-                        // private-tmp is implemented as a whitelist
-                        EUID_USER();
-                        fs_private_tmp();
-                        EUID_ROOT();
-                }
+                // private-tmp is implemented as a whitelist
+                EUID_USER();
+                fs_private_tmp();
+                EUID_ROOT();
         }
 
         //****************************
@@ -877,12 +865,7 @@ int sandbox(void* sandbox_arg) {
         // apply the profile file
         //****************************
         // apply all whitelist commands ...
-        if (cfg.chrootdir)
-                fwarning("whitelist feature is disabled in chroot\n");
-        else if (arg_overlay)
-                fwarning("whitelist feature is disabled in overlay\n");
-        else
-                fs_whitelist();
+        fs_whitelist();
 
         // ... followed by blacklist commands
         fs_blacklist(); // mkdir and mkfile are processed all over again