7 files changed, 30 insertions, 22 deletions

diff --git a/RELNOTES b/RELNOTES
index dca08ef02..6275c77b6 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,6 +3,7 @@ firejail (0.9.37) baseline; urgency=low
   * --join command enhancement (--join-network, --join-filesystem)
   * added --user command
   * added --disable-network and --disable-userns compile time flags
+  * Centos 6 support
   * symlink invocation
   * added KMail, Seamonkey, Telegram, Mathematica, uGet profiles
   * --chroot in user mode allowed only if seccomp support is available
@@ -11,7 +12,7 @@ firejail (0.9.37) baseline; urgency=low
   * --tmpfs option allowed only running as root
   * added --private-tmp option
   * bugfixes
- -- netblue30 <netblue30@yahoo.com>  Sun,  24 Jan 2016 20:00:00 -0500
+ -- netblue30 <netblue30@yahoo.com>  Fri,  29 Jan 2016 20:00:00 -0500
 
 firejail (0.9.36) baseline; urgency=low
   * added  unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat,
diff --git a/configure b/configure
index ea7812f63..4d93535bd 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for firejail 0.9.37.
+# Generated by GNU Autoconf 2.69 for firejail 0.9.38-rc1.
 #
 # Report bugs to <netblue30@yahoo.com>.
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='firejail'
 PACKAGE_TARNAME='firejail'
-PACKAGE_VERSION='0.9.37'
-PACKAGE_STRING='firejail 0.9.37'
+PACKAGE_VERSION='0.9.38-rc1'
+PACKAGE_STRING='firejail 0.9.38-rc1'
 PACKAGE_BUGREPORT='netblue30@yahoo.com'
 PACKAGE_URL='http://firejail.wordpress.com'
 
@@ -1242,7 +1242,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures firejail 0.9.37 to adapt to many kinds of systems.
+\`configure' configures firejail 0.9.38-rc1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1303,7 +1303,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of firejail 0.9.37:";;
+     short | recursive ) echo "Configuration of firejail 0.9.38-rc1:";;
    esac
   cat <<\_ACEOF
 
@@ -1395,7 +1395,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-firejail configure 0.9.37
+firejail configure 0.9.38-rc1
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1697,7 +1697,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by firejail $as_me 0.9.37, which was
+It was created by firejail $as_me 0.9.38-rc1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4140,7 +4140,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by firejail $as_me 0.9.37, which was
+This file was extended by firejail $as_me 0.9.38-rc1, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -4194,7 +4194,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-firejail config.status 0.9.37
+firejail config.status 0.9.38-rc1
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 5cd3ef6f0..c605ba01d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT(firejail, 0.9.37, netblue30@yahoo.com, , http://firejail.wordpress.com)
+AC_INIT(firejail, 0.9.38-rc1, netblue30@yahoo.com, , http://firejail.wordpress.com)
 AC_CONFIG_SRCDIR([src/firejail/main.c])
 #AC_CONFIG_HEADERS([config.h])
 
diff --git a/etc/disable-common.inc b/etc/disable-common.inc
index b470928e7..f38c751af 100644
--- a/etc/disable-common.inc
+++ b/etc/disable-common.inc
@@ -120,3 +120,10 @@ read-only ${HOME}/.xmonad
 # The user ~/bin directory can override commands such as ls
 read-only ${HOME}/bin
 
+# disable terminals running as server
+blacklist ${PATH}/lxterminal
+blacklist ${PATH}/gnome-terminal
+blacklist ${PATH}/gnome-terminal.wrapper
+blacklist ${PATH}/xfce4-terminal
+blacklist ${PATH}/xfce4-terminal.wrapper
+blacklist ${PATH}/konsole
diff --git a/src/firejail/fs.c b/src/firejail/fs.c
index b0add91e2..164e3368b 100644
--- a/src/firejail/fs.c
+++ b/src/firejail/fs.c
@@ -963,7 +963,7 @@ void fs_private_tmp(void) {
         // mount tmpfs on top of /run/firejail/mnt
         if (arg_debug)
                 printf("Mounting tmpfs on /tmp directory\n");
-        if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+        if (mount("tmpfs", "/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                 errExit("mounting /tmp/firejail/mnt");
 }
 
diff --git a/src/firejail/fs_dev.c b/src/firejail/fs_dev.c
index 0407b0626..97ee9de55 100644
--- a/src/firejail/fs_dev.c
+++ b/src/firejail/fs_dev.c
@@ -105,7 +105,7 @@ void fs_private_dev(void){
         }
 
         // mount tmpfs on top of /dev
-        if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+        if (mount("tmpfs", "/dev", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=755,gid=0") < 0)
                 errExit("mounting /dev");
         fs_logger("mount tmpfs on /dev");
 
@@ -139,12 +139,12 @@ void fs_private_dev(void){
         // create /dev/shm
         if (arg_debug)
                 printf("Create /dev/shm directory\n");
-        rv = mkdir("/dev/shm", 0777);
+        rv = mkdir("/dev/shm", 01777);
         if (rv == -1)
                 errExit("mkdir");
         if (chown("/dev/shm", 0, 0) < 0)
                 errExit("chown");
-        if (chmod("/dev/shm", 0777) < 0)
+        if (chmod("/dev/shm", 01777) < 0)
                 errExit("chmod");
         fs_logger("mkdir /dev/shm");
 
@@ -201,7 +201,7 @@ void fs_dev_shm(void) {
         if (is_dir("/dev/shm")) {
                 if (arg_debug)
                         printf("Mounting tmpfs on /dev/shm\n");
-                if (mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+                if (mount("tmpfs", "/dev/shm", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                         errExit("mounting /dev/shm");
                 fs_logger("mount tmpfs on /dev/shm");
         }
@@ -210,16 +210,16 @@ void fs_dev_shm(void) {
                 if (lnk) {
                         if (!is_dir(lnk)) {
                                 // create directory
-                                if (mkdir(lnk, 0777))
+                                if (mkdir(lnk, 01777))
                                         errExit("mkdir");
                                 if (chown(lnk, 0, 0))
                                         errExit("chown");
-                                if (chmod(lnk, 0777))
+                                if (chmod(lnk, 01777))
                                         errExit("chmod");
                         }
                         if (arg_debug)
                                 printf("Mounting tmpfs on %s on behalf of /dev/shm\n", lnk);
-                        if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+                        if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                                 errExit("mounting /var/tmp");
                         fs_logger3("mount tmpfs on", lnk, "on behalf of /dev/shm");
                         free(lnk);
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c
index def718720..fe11bd5b5 100644
--- a/src/firejail/fs_var.c
+++ b/src/firejail/fs_var.c
@@ -268,7 +268,7 @@ void fs_var_lock(void) {
         if (is_dir("/var/lock")) {
                 if (arg_debug)
                         printf("Mounting tmpfs on /var/lock\n");
-                if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+                if (mount("tmpfs", "/var/lock", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                         errExit("mounting /lock");
                 fs_logger("mount tmpfs on /var/lock");
         }
@@ -286,7 +286,7 @@ void fs_var_lock(void) {
                         }
                         if (arg_debug)
                                 printf("Mounting tmpfs on %s on behalf of /var/lock\n", lnk);
-                        if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+                        if (mount("tmpfs", lnk, "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                                 errExit("mounting /var/lock");
                         free(lnk);
                         fs_logger("mount tmpfs on /var/lock");
@@ -304,7 +304,7 @@ void fs_var_tmp(void) {
                 if (!is_link("/var/tmp")) {
                         if (arg_debug)
                                 printf("Mounting tmpfs on /var/tmp\n");
-                        if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=777,gid=0") < 0)
+                        if (mount("tmpfs", "/var/tmp", "tmpfs", MS_NOSUID | MS_STRICTATIME | MS_REC,  "mode=1777,gid=0") < 0)
                                 errExit("mounting /var/tmp");
                         fs_logger("mount tmpfs on /var/tmp");
                 }