diff options
| -rw-r--r-- | RELNOTES | 10 | ||||
| -rw-r--r-- | src/firejail/checkcfg.c | 29 | ||||
| -rw-r--r-- | src/firejail/usage.c | 6 |
3 files changed, 28 insertions, 17 deletions
| @@ -1,13 +1,17 @@ | |||
| 1 | firejail (0.9.65) baseline; urgency=low | 1 | firejail (0.9.65) baseline; urgency=low |
| 2 | * filtering environment variables | 2 | * filtering environment variables |
| 3 | * zsh completion | 3 | * zsh completion |
| 4 | * --mkdir, --mkfile | 4 | * command line: --mkdir, --mkfile |
| 5 | * protocol now accumulates | 5 | * --protocol now accumulates |
| 6 | * Jolla/SailfishOS patches | 6 | * Jolla/SailfishOS patches |
| 7 | * private-lib rework | 7 | * private-lib rework |
| 8 | * jailtest | 8 | * jailtest utility for testing running sandboxes |
| 9 | * removed --audit options, relpaced by jailtest | ||
| 9 | * capabilities list update | 10 | * capabilities list update |
| 10 | * faccessat2 syscall support | 11 | * faccessat2 syscall support |
| 12 | * compile time: --enable-force-nonewprivs | ||
| 13 | * compile time: --disable-output | ||
| 14 | * compile time: --enable-lts | ||
| 11 | * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng | 15 | * new profiles: vmware-view, display-im6.q16, ipcalc, ipcalc-ng |
| 12 | * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, | 16 | * ebook-convert, ebook-edit, ebook-meta, ebook-polish, lzop, |
| 13 | * avidemux, calligragemini, vmware-player, vmware-workstation | 17 | * avidemux, calligragemini, vmware-player, vmware-workstation |
diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c index a277e76d9..e1613b325 100644 --- a/src/firejail/checkcfg.c +++ b/src/firejail/checkcfg.c | |||
| @@ -269,6 +269,14 @@ errout: | |||
| 269 | 269 | ||
| 270 | void print_compiletime_support(void) { | 270 | void print_compiletime_support(void) { |
| 271 | printf("Compile time support:\n"); | 271 | printf("Compile time support:\n"); |
| 272 | printf("\t- Always force nonewprivs support is %s\n", | ||
| 273 | #ifdef HAVE_FORCE_NONEWPRIVS | ||
| 274 | "enabled" | ||
| 275 | #else | ||
| 276 | "disabled" | ||
| 277 | #endif | ||
| 278 | ); | ||
| 279 | |||
| 272 | printf("\t- AppArmor support is %s\n", | 280 | printf("\t- AppArmor support is %s\n", |
| 273 | #ifdef HAVE_APPARMOR | 281 | #ifdef HAVE_APPARMOR |
| 274 | "enabled" | 282 | "enabled" |
| @@ -333,6 +341,13 @@ void print_compiletime_support(void) { | |||
| 333 | #endif | 341 | #endif |
| 334 | ); | 342 | ); |
| 335 | 343 | ||
| 344 | printf("\t- output logging is %s\n", | ||
| 345 | #ifdef HAVE_OUTPUT | ||
| 346 | "enabled" | ||
| 347 | #else | ||
| 348 | "disabled" | ||
| 349 | #endif | ||
| 350 | ); | ||
| 336 | printf("\t- overlayfs support is %s\n", | 351 | printf("\t- overlayfs support is %s\n", |
| 337 | #ifdef HAVE_OVERLAYFS | 352 | #ifdef HAVE_OVERLAYFS |
| 338 | "enabled" | 353 | "enabled" |
| @@ -381,19 +396,5 @@ void print_compiletime_support(void) { | |||
| 381 | #endif | 396 | #endif |
| 382 | ); | 397 | ); |
| 383 | 398 | ||
| 384 | printf("\t- output logging is %s\n", | ||
| 385 | #ifdef HAVE_OUTPUT | ||
| 386 | "enabled" | ||
| 387 | #else | ||
| 388 | "disabled" | ||
| 389 | #endif | ||
| 390 | ); | ||
| 391 | 399 | ||
| 392 | printf("\t- Always force nonewprivs support is %s\n", | ||
| 393 | #ifdef HAVE_FORCE_NONEWPRIVS | ||
| 394 | "enabled" | ||
| 395 | #else | ||
| 396 | "disabled" | ||
| 397 | #endif | ||
| 398 | ); | ||
| 399 | } | 400 | } |
diff --git a/src/firejail/usage.c b/src/firejail/usage.c index 8f9cc065f..a9acd7692 100644 --- a/src/firejail/usage.c +++ b/src/firejail/usage.c | |||
| @@ -55,6 +55,7 @@ static char *usage_str = | |||
| 55 | #endif | 55 | #endif |
| 56 | " --cpu=cpu-number,cpu-number - set cpu affinity.\n" | 56 | " --cpu=cpu-number,cpu-number - set cpu affinity.\n" |
| 57 | " --cpu.print=name|pid - print the cpus in use.\n" | 57 | " --cpu.print=name|pid - print the cpus in use.\n" |
| 58 | #ifdef HAVE_DBUSPROXy | ||
| 58 | " --dbus-log=file - set DBus log file location.\n" | 59 | " --dbus-log=file - set DBus log file location.\n" |
| 59 | " --dbus-system=filter|none - set system DBus access policy.\n" | 60 | " --dbus-system=filter|none - set system DBus access policy.\n" |
| 60 | " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n" | 61 | " --dbus-system.broadcast=rule - allow signals on the system DBus according to rule.\n" |
| @@ -70,6 +71,7 @@ static char *usage_str = | |||
| 70 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" | 71 | " --dbus-user.own=name - allow ownership of name on the session DBus.\n" |
| 71 | " --dbus-user.see=name - allow seeing name on the session DBus.\n" | 72 | " --dbus-user.see=name - allow seeing name on the session DBus.\n" |
| 72 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" | 73 | " --dbus-user.talk=name - allow talking to name on the session DBus.\n" |
| 74 | #endif | ||
| 73 | " --debug - print sandbox debug messages.\n" | 75 | " --debug - print sandbox debug messages.\n" |
| 74 | " --debug-blacklists - debug blacklisting.\n" | 76 | " --debug-blacklists - debug blacklisting.\n" |
| 75 | " --debug-caps - print all recognized capabilities.\n" | 77 | " --debug-caps - print all recognized capabilities.\n" |
| @@ -162,14 +164,18 @@ static char *usage_str = | |||
| 162 | " --novideo - disable video devices.\n" | 164 | " --novideo - disable video devices.\n" |
| 163 | " --nou2f - disable U2F devices.\n" | 165 | " --nou2f - disable U2F devices.\n" |
| 164 | " --nowhitelist=filename - disable whitelist for file or directory.\n" | 166 | " --nowhitelist=filename - disable whitelist for file or directory.\n" |
| 167 | #ifdef HAVE_OUTPUT | ||
| 165 | " --output=logfile - stdout logging and log rotation.\n" | 168 | " --output=logfile - stdout logging and log rotation.\n" |
| 166 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" | 169 | " --output-stderr=logfile - stdout and stderr logging and log rotation.\n" |
| 170 | #endif | ||
| 171 | #ifdef HAVE_OVERLAYFS | ||
| 167 | " --overlay - mount a filesystem overlay on top of the current filesystem.\n" | 172 | " --overlay - mount a filesystem overlay on top of the current filesystem.\n" |
| 168 | " --overlay-named=name - mount a filesystem overlay on top of the current\n" | 173 | " --overlay-named=name - mount a filesystem overlay on top of the current\n" |
| 169 | "\tfilesystem, and store it in name directory.\n" | 174 | "\tfilesystem, and store it in name directory.\n" |
| 170 | " --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n" | 175 | " --overlay-tmpfs - mount a temporary filesystem overlay on top of the\n" |
| 171 | "\tcurrent filesystem.\n" | 176 | "\tcurrent filesystem.\n" |
| 172 | " --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n" | 177 | " --overlay-clean - clean all overlays stored in $HOME/.firejail directory.\n" |
| 178 | #endif | ||
| 173 | " --private - temporary home directory.\n" | 179 | " --private - temporary home directory.\n" |
| 174 | " --private=directory - use directory as user home.\n" | 180 | " --private=directory - use directory as user home.\n" |
| 175 | " --private-cache - temporary ~/.cache directory.\n" | 181 | " --private-cache - temporary ~/.cache directory.\n" |