From 15759cb51cf1a5fd2edfa9a386b86759b0a30888 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 28 Dec 2021 13:55:47 -0500 Subject: updates --- README | 2 ++ RELNOTES | 1 + src/fnettrace/fnettrace.h | 19 +++++++++++++++++++ src/fnettrace/main.c | 19 +++++++++++++++++++ src/man/firejail-profile.txt | 5 +++++ 5 files changed, 46 insertions(+) diff --git a/README b/README index 97d47a857..e3b1f223a 100644 --- a/README +++ b/README @@ -564,6 +564,7 @@ Jose Riha (https://github.com/jose1711) - drop noinput for games with gampad/joystick support - goldendict profile fix - whitelist /usr/share/nextcloud to allow access to translation files + - fix clipgrab profile jrabe (https://github.com/jrabe) - disallow access to kdbx files - Epiphany profile @@ -1108,6 +1109,7 @@ Vladislav Nepogodin (https://github.com/vnepogodin) - CachyBrowser profile Hugo Osvaldo Barrera (https://github.com/WhyNotHugo) - Skype profile tweaks + - whitelist-ro command xee5ch (https://github.com/xee5ch) - skypeforlinux profile York Zhao (https://github.com/YorkZ) diff --git a/RELNOTES b/RELNOTES index d0211ce27..71dde7020 100644 --- a/RELNOTES +++ b/RELNOTES @@ -6,6 +6,7 @@ firejail (0.9.67) baseline; urgency=low --deterministic-shutdown) (#4635) * noprinters command (#4607) * network monitor (--nettrace) + * whitelist-ro profile command * build: firecfg.config is now installed to /etc/firejail/ (#4669) * removed --disable-whitelist at compile time * removed whitelist=yes/no in /etc/firejail/firejail.config diff --git a/src/fnettrace/fnettrace.h b/src/fnettrace/fnettrace.h index 9c34e17ca..699382838 100644 --- a/src/fnettrace/fnettrace.h +++ b/src/fnettrace/fnettrace.h @@ -1,3 +1,22 @@ +/* + * Copyright (C) 2014-2021 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ #ifndef FNETTRACE_H #define FNETTRACE_H diff --git a/src/fnettrace/main.c b/src/fnettrace/main.c index f036d0c9e..9cbdc290d 100644 --- a/src/fnettrace/main.c +++ b/src/fnettrace/main.c @@ -1,3 +1,22 @@ +/* + * Copyright (C) 2014-2021 Firejail Authors + * + * This file is part of firejail project + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ #include "fnettrace.h" #define MAX_BUF_SIZE (64 * 1024) diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 9c251ec34..e35f2837b 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -436,6 +436,11 @@ all directories in /usr. .br Symbolic link handling: with the exception of user home, both the link and the real file should be in the same top directory. For user home, both the link and the real file should be owned by the user. + +.TP +\fBwhitelist-ro file_or_directory +Equivalent to "whitelist file_or_directory" followed by "read-only file_or_directory" + .TP \fBwritable-etc Mount /etc directory read-write. -- cgit v1.2.3-54-g00ecf