diff options
| -rw-r--r-- | README | 6 | ||||
| -rw-r--r-- | RELNOTES | 4 | ||||
| -rw-r--r-- | etc/qbittorrent.profile | 2 | ||||
| -rw-r--r-- | src/man/firejail-profile.txt | 2 | ||||
| -rw-r--r-- | src/man/firejail.txt | 4 | ||||
| -rwxr-xr-x | test/profile_syntax2.exp | 4 | ||||
| -rwxr-xr-x | test/seccomp-debug.exp | 10 | ||||
| -rw-r--r-- | todo | 5 |
8 files changed, 22 insertions, 15 deletions
| @@ -21,6 +21,10 @@ Peter Millerchip (https://github.com/pmillerchip) | |||
| 21 | - support for files and directories starting with ~ in blacklist option | 21 | - support for files and directories starting with ~ in blacklist option |
| 22 | - support for files and directories with spaces in blacklist option | 22 | - support for files and directories with spaces in blacklist option |
| 23 | - lots of other fixes | 23 | - lots of other fixes |
| 24 | sarneaud (https://github.com/sarneaud) | ||
| 25 | - rewrite globbing code to fix various minor issues | ||
| 26 | - added noblacklist command for profile files | ||
| 27 | - various enhancements and bug fixes | ||
| 24 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) | 28 | Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) |
| 25 | - user namespace implementation | 29 | - user namespace implementation |
| 26 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration | 30 | Reiner Herrmann - a number of build patches, man page fixes, Debian integration |
| @@ -39,7 +43,5 @@ mjudtmann (https://github.com/mjudtmann) | |||
| 39 | - lock firejail configuration in disable-mgmt.inc | 43 | - lock firejail configuration in disable-mgmt.inc |
| 40 | iiotx (https://github.com/iiotx) | 44 | iiotx (https://github.com/iiotx) |
| 41 | - use generci.profile by default | 45 | - use generci.profile by default |
| 42 | sarneaud (https://github.com/sarneaud) | ||
| 43 | - rewrite globbing code to fix various minor issues | ||
| 44 | 46 | ||
| 45 | Copyright (C) 2014, 2015 Firejail Authors | 47 | Copyright (C) 2014, 2015 Firejail Authors |
| @@ -8,8 +8,8 @@ firejail (0.9.29) baseline; urgency=low | |||
| 8 | * --private.keep is transitioned to --private-home | 8 | * --private.keep is transitioned to --private-home |
| 9 | * support ~ and blanks in blacklist option | 9 | * support ~ and blanks in blacklist option |
| 10 | * support "net none" command in profile files | 10 | * support "net none" command in profile files |
| 11 | * added "net none" to Evince PDF viewer | 11 | * using /etc/firejail/generic.profile by default for user sessions |
| 12 | * using /etc/firejail/generic.profile by default | 12 | * using /etc/firejail/server.profile by default for root sessions |
| 13 | * bugfixes | 13 | * bugfixes |
| 14 | -- netblue30 <netblue30@yahoo.com> Mon, 24 Aug 2015 20:25:00 -0500 | 14 | -- netblue30 <netblue30@yahoo.com> Mon, 24 Aug 2015 20:25:00 -0500 |
| 15 | 15 | ||
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 71ddff631..dd7be997c 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # abittorrent profile | 1 | # qbittorrent profile |
| 2 | include /etc/firejail/disable-mgmt.inc | 2 | include /etc/firejail/disable-mgmt.inc |
| 3 | include /etc/firejail/disable-secret.inc | 3 | include /etc/firejail/disable-secret.inc |
| 4 | include /etc/firejail/disable-common.inc | 4 | include /etc/firejail/disable-common.inc |
diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 64565ab0b..1473c5889 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt | |||
| @@ -80,6 +80,8 @@ file in user home directory. | |||
| 80 | 80 | ||
| 81 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. | 81 | Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. |
| 82 | 82 | ||
| 83 | Note: exclude-token is deprecated, use noblacklist command instead. | ||
| 84 | |||
| 83 | .TP | 85 | .TP |
| 84 | # this is a comment | 86 | # this is a comment |
| 85 | 87 | ||
diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 62176b84f..cfd00456b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt | |||
| @@ -705,6 +705,10 @@ Example: | |||
| 705 | $ firejail \-\-private=/home/netblue/firefox-home firefox | 705 | $ firejail \-\-private=/home/netblue/firefox-home firefox |
| 706 | 706 | ||
| 707 | .TP | 707 | .TP |
| 708 | \fB\-\-private-keep=file,directory | ||
| 709 | This option is deprecated, use private-home instead | ||
| 710 | |||
| 711 | .TP | ||
| 708 | \fB\-\-private-home=file,directory | 712 | \fB\-\-private-home=file,directory |
| 709 | Build a new user home in a temporary | 713 | Build a new user home in a temporary |
| 710 | filesystem, and copy the files and directories in the list in the | 714 | filesystem, and copy the files and directories in the list in the |
diff --git a/test/profile_syntax2.exp b/test/profile_syntax2.exp index cd514aa0e..7c5d1b5cd 100755 --- a/test/profile_syntax2.exp +++ b/test/profile_syntax2.exp | |||
| @@ -28,11 +28,11 @@ expect { | |||
| 28 | } | 28 | } |
| 29 | expect { | 29 | expect { |
| 30 | timeout {puts "TESTING ERROR 5\n";exit} | 30 | timeout {puts "TESTING ERROR 5\n";exit} |
| 31 | "Initialize seccomp filter" | 31 | "SECCOMP Filter" |
| 32 | } | 32 | } |
| 33 | expect { | 33 | expect { |
| 34 | timeout {puts "TESTING ERROR 6\n";exit} | 34 | timeout {puts "TESTING ERROR 6\n";exit} |
| 35 | "Blacklisting syscall" | 35 | "BLACKLIST" |
| 36 | } | 36 | } |
| 37 | expect { | 37 | expect { |
| 38 | timeout {puts "TESTING ERROR 7\n";exit} | 38 | timeout {puts "TESTING ERROR 7\n";exit} |
diff --git a/test/seccomp-debug.exp b/test/seccomp-debug.exp index a7b89912a..1034f040e 100755 --- a/test/seccomp-debug.exp +++ b/test/seccomp-debug.exp | |||
| @@ -7,11 +7,7 @@ match_max 100000 | |||
| 7 | send -- "firejail --seccomp --debug\r" | 7 | send -- "firejail --seccomp --debug\r" |
| 8 | expect { | 8 | expect { |
| 9 | timeout {puts "TESTING ERROR 0\n";exit} | 9 | timeout {puts "TESTING ERROR 0\n";exit} |
| 10 | "Blacklisting syscall" | 10 | "SECCOMP Filter" |
| 11 | } | ||
| 12 | expect { | ||
| 13 | timeout {puts "TESTING ERROR 1\n";exit} | ||
| 14 | "open_by_handle_at" | ||
| 15 | } | 11 | } |
| 16 | expect { | 12 | expect { |
| 17 | timeout {puts "TESTING ERROR 2\n";exit} | 13 | timeout {puts "TESTING ERROR 2\n";exit} |
| @@ -28,5 +24,5 @@ expect { | |||
| 28 | sleep 2 | 24 | sleep 2 |
| 29 | 25 | ||
| 30 | send -- "exit\r" | 26 | send -- "exit\r" |
| 31 | sleep 1 | 27 | after 100 |
| 32 | puts "\n" | 28 | puts "all done\n" |
| @@ -27,5 +27,8 @@ Warning: failed to unmount /sys | |||
| 27 | Child process initialized | 27 | Child process initialized |
| 28 | $ | 28 | $ |
| 29 | 29 | ||
| 30 | 3. default.profile creating problems for --chroot, --overlay, --private-home | 30 | 3. Remove private.keep in 0.9.34 release (deprecated in 0.9.30) |
| 31 | |||
| 32 | 4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30) | ||
| 33 | |||
| 31 | 34 | ||