1 files changed, 256 insertions, 0 deletions
diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh
new file mode 100755
index 000000000..adac1de46
--- /dev/null
+++ b/platform/rpm/mkrpm.sh
@@ -0,0 +1,256 @@
+#!/bin/bash
+VERSION="0.9.26"
+rm -fr ~/rpmbuild
+rm -f firejail-$VERSION-1.x86_64.rpm
+mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
+cat <<EOF >~/.rpmmacros
+%_topdir   %(echo $HOME)/rpmbuild
+%_tmppath  %{_topdir}/tmp
+EOF
+cd ~/rpmbuild
+echo "building directory tree"
+mkdir -p firejail-$VERSION/usr/bin
+install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
+install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
+mkdir -p  firejail-$VERSION/usr/lib/firejail
+install -m 644 /usr/lib/firejail/libtrace.so  firejail-$VERSION/usr/lib/firejail/.
+install -m 755 /usr/lib/firejail/ftee  firejail-$VERSION/usr/lib/firejail/.
+mkdir -p firejail-$VERSION/usr/share/man/man1
+install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
+install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
+mkdir -p firejail-$VERSION/usr/share/man/man5
+install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
+mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
+install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
+install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
+mkdir -p firejail-$VERSION/etc/firejail
+install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
+install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
+install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
+install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
+install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
+install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
+install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
+install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
+install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
+install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
+install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
+install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
+install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
+install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
+install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
+install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
+install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
+install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
+install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
+install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
+install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
+install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
+install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
+install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
+mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
+install -m 644 /usr/share/bash-completion/completions/firejail  firejail-$VERSION/usr/share/bash-completion/completions/.
+echo "building tar.gz archive"
+tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
+cp firejail-$VERSION.tar.gz SOURCES/.
+echo "building config spec"
+cat <<EOF > SPECS/firejail.spec
+%define        __spec_install_post %{nil}
+%define          debug_package %{nil}
+%define        __os_install_post %{_dbpath}/brp-compress
+Summary: Linux namepaces sandbox program
+Name: firejail
+Version: $VERSION
+Release: 1
+License: GPL+
+Group: Development/Tools
+SOURCE0 : %{name}-%{version}.tar.gz
+URL: http://firejail.sourceforege.net
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
+%description
+Firejail  is  a  SUID sandbox program that reduces the risk of security
+breaches by restricting the running environment of untrusted applications
+using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
+%prep
+%setup -q
+%build
+%install
+rm -rf %{buildroot}
+mkdir -p  %{buildroot}
+cp -a * %{buildroot}
+%clean
+rm -rf %{buildroot}
+%files
+%defattr(-,root,root,-)
+%config(noreplace) %{_sysconfdir}/%{name}/chromium-browser.profile
+%config(noreplace) %{_sysconfdir}/%{name}/chromium.profile
+%config(noreplace) %{_sysconfdir}/%{name}/disable-mgmt.inc
+%config(noreplace) %{_sysconfdir}/%{name}/disable-secret.inc
+%config(noreplace) %{_sysconfdir}/%{name}/dropbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/evince.profile
+%config(noreplace) %{_sysconfdir}/%{name}/firefox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/icedove.profile
+%config(noreplace) %{_sysconfdir}/%{name}/iceweasel.profile
+%config(noreplace) %{_sysconfdir}/%{name}/login.users
+%config(noreplace) %{_sysconfdir}/%{name}/midori.profile
+%config(noreplace) %{_sysconfdir}/%{name}/opera.profile
+%config(noreplace) %{_sysconfdir}/%{name}/thunderbird.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-gtk.profile
+%config(noreplace) %{_sysconfdir}/%{name}/transmission-qt.profile
+%config(noreplace) %{_sysconfdir}/%{name}/vlc.profile
+%config(noreplace) %{_sysconfdir}/%{name}/audacious.profile
+%config(noreplace) %{_sysconfdir}/%{name}/clementine.profile
+%config(noreplace) %{_sysconfdir}/%{name}/gnome-mplayer.profile
+%config(noreplace) %{_sysconfdir}/%{name}/rhythmbox.profile
+%config(noreplace) %{_sysconfdir}/%{name}/totem.profile
+%config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
+%config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
+%config(noreplace) %{_sysconfdir}/%{name}/generic.profile
+/usr/bin/firejail
+/usr/bin/firemon
+/usr/lib/firejail/libtrace.so
+/usr/lib/firejail/ftee
+/usr/share/doc/packages/firejail/COPYING
+/usr/share/doc/packages/firejail/README
+/usr/share/doc/packages/firejail/RELNOTES
+/usr/share/man/man1/firejail.1.gz
+/usr/share/man/man1/firemon.1.gz
+/usr/share/man/man5/firejail-profile.5.gz
+/usr/share/bash-completion/completions/firejail
+ 
+%post
+chmod u+s /usr/bin/firejail
+%changelog
+* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
+ - private dev directory
+ - private.keep option for whitelisting home files in a new private directory
+ - user namespaces support, noroot option
+ - added Deluge and qBittorent profiles
+ - bugfixes
+* Sun Apr 5 2015  netblue30 <netblue30@yahoo.com> 0.9.24-1
+ - whitelist and blacklist seccomp filters
+ - doubledash option
+ - --shell=none support
+ - netfilter file support in profile files
+ - dns server support in profile files
+ - added --dns.print option
+ - added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
+ - added --caps.drop=all in default profiles
+ - new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
+ -        clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
+ - Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
+ - two build patches from Reiner Herman (tickets 11, 12)
+ - man page patch from Reiner Herman (ticket 13)
+ - output patch (ticket 15) from sshirokov
+* Mon Mar 9 2015  netblue30 <netblue30@yahoo.com> 0.9.22-1
+ - Replaced --noip option with --ip=none
+ - Container stdout logging and log rotation
+ - Added process_vm_readv, process_vm_writev and mknod to
+     default seccomp blacklist
+ - Added CAP_MKNOD to default caps blacklist
+ - Blacklist and whitelist custom Linux capabilities filters
+ - macvlan device driver support for --net option
+ - DNS server support, --dns option
+ - Netfilter support
+ - Monitor network statistics, --netstats option
+ - Added profile for Mozilla Thunderbird/Icedove
+ - --overlay support for Linux kernels 3.18+
+ - Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
+ - Bugfix: check uid/gid for cgroup
+* Fri Feb 6 2015   netblue30 <netblue30@yahoo.com> 0.9.20-1
+ - utmp, btmp and wtmp enhancements
+ -    create empty /var/log/wtmp and /var/log/btmp files in sandbox
+ -    generate a new /var/run/utmp file in sandbox
+ - CPU affinity, --cpu option
+ - Linux control groups support, --cgroup option
+ - Opera web browser support
+ - VLC support
+ - Added "empty" attribute to seccomp command to remove the default
+ -    syscall list form seccomp blacklist
+ - Added --nogroups option to disable supplementary groups for regular
+ -   users. root user always runs without supplementary groups.
+ - firemon enhancements
+ -   display the command that started the sandbox
+ -   added --caps option to display capabilities for all sandboxes
+ -   added --cgroup option to display the control groups for all sandboxes
+ -   added --cpu option to display CPU affinity for all sandboxes
+ -   added --seccomp option to display seccomp setting for all sandboxes
+ - New compile time options: --disable-chroot, --disable-bind
+ - bugfixes
+* Sat Dec 27 2014  netblue30 <netblue30@yahoo.com> 0.9.18-1
+ - Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
+ - Support for tracing setreuid, setregid, setresuid, setresguid syscalls
+ - Added profiles for transmission-gtk and transmission-qt
+ - bugfixes
+* Tue Nov 4 2014  netblue30 <netblue30@yahoo.com> 0.9.16-1
+ - Configurable private home directory
+ - Configurable default user shell
+ - Software configuration support for --docdir and DESTDIR
+ - Profile file support for include, caps, seccomp and private keywords
+ - Dropbox profile file
+ - Linux capabilities and seccomp filters enabled by default for Firefox,
+  Midori, Evince and Dropbox
+ - bugfixes
+* Wed Oct 8 2014  netblue30 <netblue30@yahoo.com> 0.9.14-1
+ - Linux capabilities and seccomp filters are automatically enabled in 
+   chroot mode (--chroot option) if the sandbox is started as regular
+   user
+ - Added support for user defined seccomp blacklists
+ - Added syscall trace support
+ - Added --tmpfs option
+ - Added --balcklist option
+ - Added --read-only option
+ - Added --bind option
+ - Logging enhancements
+ - --overlay option was reactivated
+ - Added firemon support to print the ARP table for each sandbox
+ - Added firemon support to print the route table for each sandbox
+ - Added firemon support to print interface information for each sandbox
+ - bugfixes
+* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
+ - Added capabilities support
+ - Added support for CentOS 7
+ - bugfixes
+EOF
+echo "building rpm"
+rpmbuild -ba SPECS/firejail.spec
+rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
+cd ..
+rm -f firejail-$VERSION-1.x86_64.rpm
+cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .

diff --git a/platform/rpm/mkrpm.sh b/platform/rpm/mkrpm.sh new file mode 100755 index 000000000..adac1de46 --- /dev/null +++ b/platform/rpm/mkrpm.sh
@@ -0,0 +1,256 @@
	1	#!/bin/bash
	2	VERSION="0.9.26"
	3	rm -fr ~/rpmbuild
	4	rm -f firejail-$VERSION-1.x86_64.rpm
	5
	6	mkdir -p ~/rpmbuild/{RPMS,SRPMS,BUILD,SOURCES,SPECS,tmp}
	7	cat <<EOF >~/.rpmmacros
	8	%_topdir %(echo $HOME)/rpmbuild
	9	%_tmppath %{_topdir}/tmp
	10	EOF
	11
	12	cd ~/rpmbuild
	13	echo "building directory tree"
	14
	15	mkdir -p firejail-$VERSION/usr/bin
	16	install -m 755 /usr/bin/firejail firejail-$VERSION/usr/bin/.
	17	install -m 755 /usr/bin/firemon firejail-$VERSION/usr/bin/.
	18
	19	mkdir -p firejail-$VERSION/usr/lib/firejail
	20	install -m 644 /usr/lib/firejail/libtrace.so firejail-$VERSION/usr/lib/firejail/.
	21	install -m 755 /usr/lib/firejail/ftee firejail-$VERSION/usr/lib/firejail/.
	22
	23	mkdir -p firejail-$VERSION/usr/share/man/man1
	24	install -m 644 /usr/share/man/man1/firejail.1.gz firejail-$VERSION/usr/share/man/man1/.
	25	install -m 644 /usr/share/man/man1/firemon.1.gz firejail-$VERSION/usr/share/man/man1/.
	26
	27	mkdir -p firejail-$VERSION/usr/share/man/man5
	28	install -m 644 /usr/share/man/man5/firejail-profile.5.gz firejail-$VERSION/usr/share/man/man5/.
	29
	30	mkdir -p firejail-$VERSION/usr/share/doc/packages/firejail
	31	install -m 644 /usr/share/doc/firejail/COPYING firejail-$VERSION/usr/share/doc/packages/firejail/.
	32	install -m 644 /usr/share/doc/firejail/README firejail-$VERSION/usr/share/doc/packages/firejail/.
	33	install -m 644 /usr/share/doc/firejail/RELNOTES firejail-$VERSION/usr/share/doc/packages/firejail/.
	34
	35	mkdir -p firejail-$VERSION/etc/firejail
	36	install -m 644 /etc/firejail/chromium-browser.profile firejail-$VERSION/etc/firejail/chromium-browser.profile
	37	install -m 644 /etc/firejail/chromium.profile firejail-$VERSION/etc/firejail/chromium.profile
	38	install -m 644 /etc/firejail/dropbox.profile firejail-$VERSION/etc/firejail/dropbox.profile
	39	install -m 644 /etc/firejail/disable-secret.inc firejail-$VERSION/etc/firejail/disable-secret.inc
	40	install -m 644 /etc/firejail/disable-mgmt.inc firejail-$VERSION/etc/firejail/disable-mgmt.inc
	41	install -m 644 /etc/firejail/evince.profile firejail-$VERSION/etc/firejail/evince.profile
	42	install -m 644 /etc/firejail/firefox.profile firejail-$VERSION/etc/firejail/firefox.profile
	43	install -m 644 /etc/firejail/icedove.profile firejail-$VERSION/etc/firejail/icedove.profile
	44	install -m 644 /etc/firejail/iceweasel.profile firejail-$VERSION/etc/firejail/iceweasel.profile
	45	install -m 644 /etc/firejail/midori.profile firejail-$VERSION/etc/firejail/midori.profile
	46	install -m 644 /etc/firejail/thunderbird.profile firejail-$VERSION/etc/firejail/thunderbird.profile
	47	install -m 644 /etc/firejail/opera.profile firejail-$VERSION/etc/firejail/opera.profile
	48	install -m 644 /etc/firejail/transmission-gtk.profile firejail-$VERSION/etc/firejail/transmission-gtk.profile
	49	install -m 644 /etc/firejail/transmission-qt.profile firejail-$VERSION/etc/firejail/transmission-qt.profile
	50	install -m 644 /etc/firejail/vlc.profile firejail-$VERSION/etc/firejail/vlc.profile
	51	install -m 644 /etc/firejail/audacious.profile firejail-$VERSION/etc/firejail/audacious.profile
	52	install -m 644 /etc/firejail/clementine.profile firejail-$VERSION/etc/firejail/clementine.profile
	53	install -m 644 /etc/firejail/gnome-mplayer.profile firejail-$VERSION/etc/firejail/gnome-mplayer.profile
	54	install -m 644 /etc/firejail/rhythmbox.profile firejail-$VERSION/etc/firejail/rhythmbox.profile
	55	install -m 644 /etc/firejail/totem.profile firejail-$VERSION/etc/firejail/totem.profile
	56	install -m 644 /etc/firejail/deluge.profile firejail-$VERSION/etc/firejail/deluge.profile
	57	install -m 644 /etc/firejail/qbittorrent.profile firejail-$VERSION/etc/firejail/qbittorrent.profile
	58	install -m 644 /etc/firejail/generic.profile firejail-$VERSION/etc/firejail/generic.profile
	59	install -m 644 /etc/firejail/login.users firejail-$VERSION/etc/firejail/login.users
	60
	61	mkdir -p firejail-$VERSION/usr/share/bash-completion/completions
	62	install -m 644 /usr/share/bash-completion/completions/firejail firejail-$VERSION/usr/share/bash-completion/completions/.
	63
	64	echo "building tar.gz archive"
	65	tar -czvf firejail-$VERSION.tar.gz firejail-$VERSION
	66
	67	cp firejail-$VERSION.tar.gz SOURCES/.
	68
	69	echo "building config spec"
	70	cat <<EOF > SPECS/firejail.spec
	71	%define __spec_install_post %{nil}
	72	%define debug_package %{nil}
	73	%define __os_install_post %{_dbpath}/brp-compress
	74
	75	Summary: Linux namepaces sandbox program
	76	Name: firejail
	77	Version: $VERSION
	78	Release: 1
	79	License: GPL+
	80	Group: Development/Tools
	81	SOURCE0 : %{name}-%{version}.tar.gz
	82	URL: http://firejail.sourceforege.net
	83
	84	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
	85
	86	%description
	87	Firejail is a SUID sandbox program that reduces the risk of security
	88	breaches by restricting the running environment of untrusted applications
	89	using Linux namespaces. It includes a sandbox profile for Mozilla Firefox.
	90
	91	%prep
	92	%setup -q
	93
	94	%build
	95
	96	%install
	97	rm -rf %{buildroot}
	98	mkdir -p %{buildroot}
	99
	100	cp -a * %{buildroot}
	101
	102
	103	%clean
	104	rm -rf %{buildroot}
	105
	106
	107	%files
	108	%defattr(-,root,root,-)
	109	%config(noreplace) %{_sysconfdir}/%{name}/chromium-browser.profile
	110	%config(noreplace) %{_sysconfdir}/%{name}/chromium.profile
	111	%config(noreplace) %{_sysconfdir}/%{name}/disable-mgmt.inc
	112	%config(noreplace) %{_sysconfdir}/%{name}/disable-secret.inc
	113	%config(noreplace) %{_sysconfdir}/%{name}/dropbox.profile
	114	%config(noreplace) %{_sysconfdir}/%{name}/evince.profile
	115	%config(noreplace) %{_sysconfdir}/%{name}/firefox.profile
	116	%config(noreplace) %{_sysconfdir}/%{name}/icedove.profile
	117	%config(noreplace) %{_sysconfdir}/%{name}/iceweasel.profile
	118	%config(noreplace) %{_sysconfdir}/%{name}/login.users
	119	%config(noreplace) %{_sysconfdir}/%{name}/midori.profile
	120	%config(noreplace) %{_sysconfdir}/%{name}/opera.profile
	121	%config(noreplace) %{_sysconfdir}/%{name}/thunderbird.profile
	122	%config(noreplace) %{_sysconfdir}/%{name}/transmission-gtk.profile
	123	%config(noreplace) %{_sysconfdir}/%{name}/transmission-qt.profile
	124	%config(noreplace) %{_sysconfdir}/%{name}/vlc.profile
	125	%config(noreplace) %{_sysconfdir}/%{name}/audacious.profile
	126	%config(noreplace) %{_sysconfdir}/%{name}/clementine.profile
	127	%config(noreplace) %{_sysconfdir}/%{name}/gnome-mplayer.profile
	128	%config(noreplace) %{_sysconfdir}/%{name}/rhythmbox.profile
	129	%config(noreplace) %{_sysconfdir}/%{name}/totem.profile
	130	%config(noreplace) %{_sysconfdir}/%{name}/deluge.profile
	131	%config(noreplace) %{_sysconfdir}/%{name}/qbittorrent.profile
	132	%config(noreplace) %{_sysconfdir}/%{name}/generic.profile
	133
	134	/usr/bin/firejail
	135	/usr/bin/firemon
	136	/usr/lib/firejail/libtrace.so
	137	/usr/lib/firejail/ftee
	138	/usr/share/doc/packages/firejail/COPYING
	139	/usr/share/doc/packages/firejail/README
	140	/usr/share/doc/packages/firejail/RELNOTES
	141	/usr/share/man/man1/firejail.1.gz
	142	/usr/share/man/man1/firemon.1.gz
	143	/usr/share/man/man5/firejail-profile.5.gz
	144	/usr/share/bash-completion/completions/firejail
	145
	146	%post
	147	chmod u+s /usr/bin/firejail
	148
	149	%changelog
	150	* Thu Apr 30 2015 netblue30 <netblue30@yahoo.com> 0.9.26-1
	151	- private dev directory
	152	- private.keep option for whitelisting home files in a new private directory
	153	- user namespaces support, noroot option
	154	- added Deluge and qBittorent profiles
	155	- bugfixes
	156
	157	* Sun Apr 5 2015 netblue30 <netblue30@yahoo.com> 0.9.24-1
	158	- whitelist and blacklist seccomp filters
	159	- doubledash option
	160	- --shell=none support
	161	- netfilter file support in profile files
	162	- dns server support in profile files
	163	- added --dns.print option
	164	- added default profiles for Audoacious, Clementine, Rhythmbox and Totem.
	165	- added --caps.drop=all in default profiles
	166	- new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
	167	- clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
	168	- Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
	169	- two build patches from Reiner Herman (tickets 11, 12)
	170	- man page patch from Reiner Herman (ticket 13)
	171	- output patch (ticket 15) from sshirokov
	172
	173	* Mon Mar 9 2015 netblue30 <netblue30@yahoo.com> 0.9.22-1
	174	- Replaced --noip option with --ip=none
	175	- Container stdout logging and log rotation
	176	- Added process_vm_readv, process_vm_writev and mknod to
	177	default seccomp blacklist
	178	- Added CAP_MKNOD to default caps blacklist
	179	- Blacklist and whitelist custom Linux capabilities filters
	180	- macvlan device driver support for --net option
	181	- DNS server support, --dns option
	182	- Netfilter support
	183	- Monitor network statistics, --netstats option
	184	- Added profile for Mozilla Thunderbird/Icedove
	185	- --overlay support for Linux kernels 3.18+
	186	- Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
	187	- Bugfix: check uid/gid for cgroup
	188
	189	* Fri Feb 6 2015 netblue30 <netblue30@yahoo.com> 0.9.20-1
	190	- utmp, btmp and wtmp enhancements
	191	- create empty /var/log/wtmp and /var/log/btmp files in sandbox
	192	- generate a new /var/run/utmp file in sandbox
	193	- CPU affinity, --cpu option
	194	- Linux control groups support, --cgroup option
	195	- Opera web browser support
	196	- VLC support
	197	- Added "empty" attribute to seccomp command to remove the default
	198	- syscall list form seccomp blacklist
	199	- Added --nogroups option to disable supplementary groups for regular
	200	- users. root user always runs without supplementary groups.
	201	- firemon enhancements
	202	- display the command that started the sandbox
	203	- added --caps option to display capabilities for all sandboxes
	204	- added --cgroup option to display the control groups for all sandboxes
	205	- added --cpu option to display CPU affinity for all sandboxes
	206	- added --seccomp option to display seccomp setting for all sandboxes
	207	- New compile time options: --disable-chroot, --disable-bind
	208	- bugfixes
	209
	210	* Sat Dec 27 2014 netblue30 <netblue30@yahoo.com> 0.9.18-1
	211	- Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
	212	- Support for tracing setreuid, setregid, setresuid, setresguid syscalls
	213	- Added profiles for transmission-gtk and transmission-qt
	214	- bugfixes
	215
	216	* Tue Nov 4 2014 netblue30 <netblue30@yahoo.com> 0.9.16-1
	217	- Configurable private home directory
	218	- Configurable default user shell
	219	- Software configuration support for --docdir and DESTDIR
	220	- Profile file support for include, caps, seccomp and private keywords
	221	- Dropbox profile file
	222	- Linux capabilities and seccomp filters enabled by default for Firefox,
	223	Midori, Evince and Dropbox
	224	- bugfixes
	225
	226	* Wed Oct 8 2014 netblue30 <netblue30@yahoo.com> 0.9.14-1
	227	- Linux capabilities and seccomp filters are automatically enabled in
	228	chroot mode (--chroot option) if the sandbox is started as regular
	229	user
	230	- Added support for user defined seccomp blacklists
	231	- Added syscall trace support
	232	- Added --tmpfs option
	233	- Added --balcklist option
	234	- Added --read-only option
	235	- Added --bind option
	236	- Logging enhancements
	237	- --overlay option was reactivated
	238	- Added firemon support to print the ARP table for each sandbox
	239	- Added firemon support to print the route table for each sandbox
	240	- Added firemon support to print interface information for each sandbox
	241	- bugfixes
	242
	243	* Tue Sep 16 2014 netblue30 <netblue30@yahoo.com> 0.9.12-1
	244	- Added capabilities support
	245	- Added support for CentOS 7
	246	- bugfixes
	247
	248	EOF
	249
	250	echo "building rpm"
	251	rpmbuild -ba SPECS/firejail.spec
	252	rpm -qpl RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm
	253	cd ..
	254	rm -f firejail-$VERSION-1.x86_64.rpm
	255	cp rpmbuild/RPMS/x86_64/firejail-$VERSION-1.x86_64.rpm .
	256