From 70d1b463a04867e2ede3da284a5209d190458d84 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Mon, 29 Aug 2016 11:56:34 -0400 Subject: 0.9.42~rc3 starting --- RELNOTES | 1 + configure | 18 +++++++++--------- configure.ac | 2 +- src/firejail/fs.c | 10 ++++------ todo | 3 +++ 5 files changed, 18 insertions(+), 16 deletions(-) diff --git a/RELNOTES b/RELNOTES index 25f4c31c9..62171af35 100644 --- a/RELNOTES +++ b/RELNOTES @@ -40,6 +40,7 @@ firejail (0.9.42~rc2) baseline; urgency=low * profiles: Atom Beta, Atom, jitsi, eom, uudeview * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, * profiles: inox, Slack, gnome-chess. Gajim IM client + * bugfixes -- netblue30 Thu, 26 Aug 2016 08:00:00 -0500 firejail (0.9.40) baseline; urgency=low diff --git a/configure b/configure index 5505b01c2..3f9d0fc42 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for firejail 0.9.42~rc2. +# Generated by GNU Autoconf 2.69 for firejail 0.9.42~rc3. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firejail' PACKAGE_TARNAME='firejail' -PACKAGE_VERSION='0.9.42~rc2' -PACKAGE_STRING='firejail 0.9.42~rc2' +PACKAGE_VERSION='0.9.42~rc3' +PACKAGE_STRING='firejail 0.9.42~rc3' PACKAGE_BUGREPORT='netblue30@yahoo.com' PACKAGE_URL='http://firejail.wordpress.com' @@ -1257,7 +1257,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures firejail 0.9.42~rc2 to adapt to many kinds of systems. +\`configure' configures firejail 0.9.42~rc3 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1318,7 +1318,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of firejail 0.9.42~rc2:";; + short | recursive ) echo "Configuration of firejail 0.9.42~rc3:";; esac cat <<\_ACEOF @@ -1421,7 +1421,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -firejail configure 0.9.42~rc2 +firejail configure 0.9.42~rc3 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1723,7 +1723,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by firejail $as_me 0.9.42~rc2, which was +It was created by firejail $as_me 0.9.42~rc3, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -4294,7 +4294,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by firejail $as_me 0.9.42~rc2, which was +This file was extended by firejail $as_me 0.9.42~rc3, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4348,7 +4348,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -firejail config.status 0.9.42~rc2 +firejail config.status 0.9.42~rc3 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 2a5bd5e54..67b74e723 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT(firejail, 0.9.42~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) +AC_INIT(firejail, 0.9.42~rc3, netblue30@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) 
diff --git a/src/firejail/fs.c b/src/firejail/fs.c index 27c69d0e1..855ebad7b 100644 --- a/src/firejail/fs.c +++ b/src/firejail/fs.c @@ -647,10 +647,6 @@ void fs_proc_sys_dev_boot(void) { disable_file(BLACKLIST_FILE, "/sys/kernel/vmcoreinfo"); disable_file(BLACKLIST_FILE, "/sys/kernel/uevent_helper"); -// if (mount("sysfs", "/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REC, NULL) < 0) -// errExit("mounting /sys"); - - // various /proc/sys files disable_file(BLACKLIST_FILE, "/proc/sys/security"); disable_file(BLACKLIST_FILE, "/proc/sys/efi/vars"); @@ -661,7 +657,6 @@ void fs_proc_sys_dev_boot(void) { disable_file(BLACKLIST_FILE, "/proc/sys/kernel/hotplug"); disable_file(BLACKLIST_FILE, "/proc/sys/vm/panic_on_oom"); - // various /proc files disable_file(BLACKLIST_FILE, "/proc/irq"); disable_file(BLACKLIST_FILE, "/proc/bus"); @@ -674,7 +669,10 @@ void fs_proc_sys_dev_boot(void) { disable_file(BLACKLIST_FILE, "/proc/mem"); disable_file(BLACKLIST_FILE, "/proc/kmem"); - // disable /boot + // remove kernel symbol information + disable_file(BLACKLIST_FILE, "/usr/src/linux"); + disable_file(BLACKLIST_FILE, "/lib/modules"); + disable_file(BLACKLIST_FILE, "/usr/lib/debug"); disable_file(BLACKLIST_FILE, "/boot"); // disable /selinux diff --git a/todo b/todo index c2a450778..6fe7c5e6f 100644 --- a/todo +++ b/todo @@ -268,3 +268,6 @@ also check --apparmor in this case 25. fix firemon and firetools on systems with hidepid=2 sudo mount -o remount,rw,hidepid=2 /proc + +26. mupdf profile + -- cgit v1.2.3-70-g09d2
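Review bot: The three entries added under `// remove kernel symbol information` in the last fs.c hunk are fixed literal paths, so the same data stored under another layout would stay readable inside the sandbox, for example `/usr/lib/modules` where `/lib` is a symlink, or a distribution-specific header directory such as `/usr/src/kernels`; whether `disable_file()` resolves symlinks or expands globs is not visible here. If it does neither, consider adding `disable_file(BLACKLIST_FILE, "/usr/lib/modules");` and `disable_file(BLACKLIST_FILE, "/usr/src/kernels");`. The `// disable /boot` comment appears to have been dropped, so `/boot` now sits under the new heading; a comment such as `// hide kernel symbol sources (System.map in /boot, module and debug symbols)` would record why these paths are grouped. The `/proc` entries between this hunk and the previous one are outside the diff, so confirm `/proc/kallsyms` is covered there, since the file-system copies only matter once it is hidden. The body of `fs_proc_sys_dev_boot` starts and ends outside the hunk.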