diff options
-rw-r--r-- | README.md | 91 | ||||
-rwxr-xr-x | configure | 18 | ||||
-rw-r--r-- | configure.ac | 2 |
3 files changed, 11 insertions, 100 deletions
@@ -98,93 +98,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
98 | ````` | 98 | ````` |
99 | 99 | ||
100 | ````` | 100 | ````` |
101 | # Current development version: 0.9.55 | 101 | # Current development version: 0.9.57 |
102 | |||
103 | ## New commands: | ||
104 | ````` | ||
105 | (wireless support for --net) | ||
106 | --net=ethernet_interface|wireless_interface | ||
107 | Enable a new network namespace and connect it to this ethernet | ||
108 | interface using the standard Linux macvlan|ipvaln driver. | ||
109 | Unless specified with option --ip and --defaultgw, an IP | ||
110 | address and a default gateway will be assigned automatically to | ||
111 | the sandbox. The IP address is verified using ARP before | ||
112 | assignment. The address configured as default gateway is the | ||
113 | default gateway of the host. Up to four --net options can be | ||
114 | specified. Support for ipvlan driver was introduced in Linux | ||
115 | kernel 3.19. | ||
116 | |||
117 | Example: | ||
118 | $ firejail --net=eth0 --ip=192.168.1.80 --dns=8.8.8.8 firefox | ||
119 | $ firejail --net=wlan0 firefox | ||
120 | |||
121 | (tunneling support) | ||
122 | --net=tap_interface | ||
123 | Enable a new network namespace and connect it to this ethernet | ||
124 | tap interface using the standard Linux macvlan driver. If the | ||
125 | tap interface is not configured, the sandbox will not try to | ||
126 | configure the interface inside the sandbox. Please use --ip, | ||
127 | --netmask and --defaultgw to specify the configuration. | ||
128 | |||
129 | Example: | ||
130 | $ firejail --net=tap0 --ip=10.10.20.80 --netmask=255.255.255.0 | ||
131 | --defaultgw=10.10.20.1 firefox | ||
132 | |||
133 | --netmask=address | ||
134 | Use this option when you want to assign an IP address in a new | ||
135 | namespace and the parent interface specified by --net is not | ||
136 | configured. An IP address and a default gateway address | ||
137 | also have to be added. By default the new namespace interface | ||
138 | comes without IP address and default gateway configured. Exam‐ | ||
139 | ple: | ||
140 | |||
141 | $ sudo /sbin/brctl addbr br0 | ||
142 | $ sudo /sbin/ifconfig br0 up | ||
143 | $ firejail --ip=10.10.20.67 --netmask=255.255.255.0 | ||
144 | --defaultgw=10.10.20.1 | ||
145 | |||
146 | --keep-dev-shm | ||
147 | /dev/shm directory is untouched (even with --private-dev) | ||
148 | |||
149 | Example: | ||
150 | $ firejail --keep-dev-shm --private-dev | ||
151 | |||
152 | --nou2f | ||
153 | Disable U2F devices. | ||
154 | |||
155 | Example: | ||
156 | $ firejail --nou2f | ||
157 | |||
158 | --private-cache | ||
159 | Mount an empty temporary filesystem on top of the .cache | ||
160 | directory in user home. All modifications are discarded | ||
161 | when the sandbox is closed. | ||
162 | |||
163 | Example: | ||
164 | $ firejail --private-cache | ||
165 | |||
166 | --tunnel[=devname] | ||
167 | Connect the sandbox to a network overlay/VPN tunnel created by | ||
168 | firetunnel utility. This options tries first the client side of | ||
169 | the tunnel. If this fails, it tries the server side. If multi‐ | ||
170 | ple tunnels are active, please specify the tunnel device using | ||
171 | --tunnel=devname. | ||
172 | |||
173 | The available tunnel devices are listed in /etc/firetunnel | ||
174 | directory, one file for each device. The files are regular | ||
175 | firejail profile files containing the network configuration, | ||
176 | and are created and managed by firetunnel utility. By default | ||
177 | ftc is the client-side device and fts is the server-side | ||
178 | device. For more information please see man 1 firetunnel. | ||
179 | |||
180 | Example: | ||
181 | $ firejail --tunnel firefox | ||
182 | |||
183 | ````` | ||
184 | |||
185 | ## New profiles | ||
186 | Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, | ||
187 | shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor, | ||
188 | xxd, Beaker, electrum, clamtk, pybitmessage, dig, whois, jdownloader, | ||
189 | Fluxbox, Blackbox, Awesome, i3, start-tor-browser.desktop | ||
190 | |||
@@ -1,6 +1,6 @@ | |||
1 | #! /bin/sh | 1 | #! /bin/sh |
2 | # Guess values for system-dependent variables and create Makefiles. | 2 | # Guess values for system-dependent variables and create Makefiles. |
3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.56. | 3 | # Generated by GNU Autoconf 2.69 for firejail 0.9.57. |
4 | # | 4 | # |
5 | # Report bugs to <netblue30@yahoo.com>. | 5 | # Report bugs to <netblue30@yahoo.com>. |
6 | # | 6 | # |
@@ -580,8 +580,8 @@ MAKEFLAGS= | |||
580 | # Identity of this package. | 580 | # Identity of this package. |
581 | PACKAGE_NAME='firejail' | 581 | PACKAGE_NAME='firejail' |
582 | PACKAGE_TARNAME='firejail' | 582 | PACKAGE_TARNAME='firejail' |
583 | PACKAGE_VERSION='0.9.56' | 583 | PACKAGE_VERSION='0.9.57' |
584 | PACKAGE_STRING='firejail 0.9.56' | 584 | PACKAGE_STRING='firejail 0.9.57' |
585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' | 585 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
586 | PACKAGE_URL='https://firejail.wordpress.com' | 586 | PACKAGE_URL='https://firejail.wordpress.com' |
587 | 587 | ||
@@ -1275,7 +1275,7 @@ if test "$ac_init_help" = "long"; then | |||
1275 | # Omit some internal or obsolete options to make the list less imposing. | 1275 | # Omit some internal or obsolete options to make the list less imposing. |
1276 | # This message is too long to be a string in the A/UX 3.1 sh. | 1276 | # This message is too long to be a string in the A/UX 3.1 sh. |
1277 | cat <<_ACEOF | 1277 | cat <<_ACEOF |
1278 | \`configure' configures firejail 0.9.56 to adapt to many kinds of systems. | 1278 | \`configure' configures firejail 0.9.57 to adapt to many kinds of systems. |
1279 | 1279 | ||
1280 | Usage: $0 [OPTION]... [VAR=VALUE]... | 1280 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1281 | 1281 | ||
@@ -1337,7 +1337,7 @@ fi | |||
1337 | 1337 | ||
1338 | if test -n "$ac_init_help"; then | 1338 | if test -n "$ac_init_help"; then |
1339 | case $ac_init_help in | 1339 | case $ac_init_help in |
1340 | short | recursive ) echo "Configuration of firejail 0.9.56:";; | 1340 | short | recursive ) echo "Configuration of firejail 0.9.57:";; |
1341 | esac | 1341 | esac |
1342 | cat <<\_ACEOF | 1342 | cat <<\_ACEOF |
1343 | 1343 | ||
@@ -1442,7 +1442,7 @@ fi | |||
1442 | test -n "$ac_init_help" && exit $ac_status | 1442 | test -n "$ac_init_help" && exit $ac_status |
1443 | if $ac_init_version; then | 1443 | if $ac_init_version; then |
1444 | cat <<\_ACEOF | 1444 | cat <<\_ACEOF |
1445 | firejail configure 0.9.56 | 1445 | firejail configure 0.9.57 |
1446 | generated by GNU Autoconf 2.69 | 1446 | generated by GNU Autoconf 2.69 |
1447 | 1447 | ||
1448 | Copyright (C) 2012 Free Software Foundation, Inc. | 1448 | Copyright (C) 2012 Free Software Foundation, Inc. |
@@ -1744,7 +1744,7 @@ cat >config.log <<_ACEOF | |||
1744 | This file contains any messages produced by compilers while | 1744 | This file contains any messages produced by compilers while |
1745 | running configure, to aid debugging if configure makes a mistake. | 1745 | running configure, to aid debugging if configure makes a mistake. |
1746 | 1746 | ||
1747 | It was created by firejail $as_me 0.9.56, which was | 1747 | It was created by firejail $as_me 0.9.57, which was |
1748 | generated by GNU Autoconf 2.69. Invocation command line was | 1748 | generated by GNU Autoconf 2.69. Invocation command line was |
1749 | 1749 | ||
1750 | $ $0 $@ | 1750 | $ $0 $@ |
@@ -4379,7 +4379,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 | |||
4379 | # report actual input values of CONFIG_FILES etc. instead of their | 4379 | # report actual input values of CONFIG_FILES etc. instead of their |
4380 | # values after options handling. | 4380 | # values after options handling. |
4381 | ac_log=" | 4381 | ac_log=" |
4382 | This file was extended by firejail $as_me 0.9.56, which was | 4382 | This file was extended by firejail $as_me 0.9.57, which was |
4383 | generated by GNU Autoconf 2.69. Invocation command line was | 4383 | generated by GNU Autoconf 2.69. Invocation command line was |
4384 | 4384 | ||
4385 | CONFIG_FILES = $CONFIG_FILES | 4385 | CONFIG_FILES = $CONFIG_FILES |
@@ -4433,7 +4433,7 @@ _ACEOF | |||
4433 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 | 4433 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4434 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" | 4434 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4435 | ac_cs_version="\\ | 4435 | ac_cs_version="\\ |
4436 | firejail config.status 0.9.56 | 4436 | firejail config.status 0.9.57 |
4437 | configured by $0, generated by GNU Autoconf 2.69, | 4437 | configured by $0, generated by GNU Autoconf 2.69, |
4438 | with options \\"\$ac_cs_config\\" | 4438 | with options \\"\$ac_cs_config\\" |
4439 | 4439 | ||
diff --git a/configure.ac b/configure.ac index 41f92d646..f01bf2199 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,5 +1,5 @@ | |||
1 | AC_PREREQ([2.68]) | 1 | AC_PREREQ([2.68]) |
2 | AC_INIT(firejail, 0.9.56, netblue30@yahoo.com, , https://firejail.wordpress.com) | 2 | AC_INIT(firejail, 0.9.57, netblue30@yahoo.com, , https://firejail.wordpress.com) |
3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) | 3 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
4 | #AC_CONFIG_HEADERS([config.h]) | 4 | #AC_CONFIG_HEADERS([config.h]) |
5 | 5 | ||