From 83781d0de57e584077848a7b19f291b1d9d9d604 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Tue, 1 Sep 2015 11:45:23 -0400 Subject: testing, admin work --- README | 6 ++++-- RELNOTES | 4 ++-- etc/qbittorrent.profile | 2 +- src/man/firejail-profile.txt | 2 ++ src/man/firejail.txt | 4 ++++ test/profile_syntax2.exp | 4 ++-- test/seccomp-debug.exp | 10 +++------- todo | 5 ++++- 8 files changed, 22 insertions(+), 15 deletions(-) diff --git a/README b/README index 7d79e7be7..206655487 100644 --- a/README +++ b/README @@ -21,6 +21,10 @@ Peter Millerchip (https://github.com/pmillerchip) - support for files and directories starting with ~ in blacklist option - support for files and directories with spaces in blacklist option - lots of other fixes +sarneaud (https://github.com/sarneaud) + - rewrite globbing code to fix various minor issues + - added noblacklist command for profile files + - various enhancements and bug fixes Patrick Toomey (http://sourceforge.net/u/ptoomey/profile/) - user namespace implementation Reiner Herrmann - a number of build patches, man page fixes, Debian integration @@ -39,7 +43,5 @@ mjudtmann (https://github.com/mjudtmann) - lock firejail configuration in disable-mgmt.inc iiotx (https://github.com/iiotx) - use generci.profile by default -sarneaud (https://github.com/sarneaud) - - rewrite globbing code to fix various minor issues Copyright (C) 2014, 2015 Firejail Authors diff --git a/RELNOTES b/RELNOTES index e580fb878..b2a63e400 100644 --- a/RELNOTES +++ b/RELNOTES @@ -8,8 +8,8 @@ firejail (0.9.29) baseline; urgency=low * --private.keep is transitioned to --private-home * support ~ and blanks in blacklist option * support "net none" command in profile files - * added "net none" to Evince PDF viewer - * using /etc/firejail/generic.profile by default + * using /etc/firejail/generic.profile by default for user sessions + * using /etc/firejail/server.profile by default for root sessions * bugfixes -- netblue30 Mon, 24 Aug 2015 20:25:00 -0500 
diff --git a/etc/qbittorrent.profile b/etc/qbittorrent.profile index 71ddff631..dd7be997c 100644 --- a/etc/qbittorrent.profile +++ b/etc/qbittorrent.profile @@ -1,4 +1,4 @@ -# abittorrent profile +# qbittorrent profile include /etc/firejail/disable-mgmt.inc include /etc/firejail/disable-secret.inc include /etc/firejail/disable-common.inc diff --git a/src/man/firejail-profile.txt b/src/man/firejail-profile.txt index 64565ab0b..1473c5889 100644 --- a/src/man/firejail-profile.txt +++ b/src/man/firejail-profile.txt @@ -80,6 +80,8 @@ file in user home directory. Example: "include ${HOME}/myprofiles/profile1" will load "~/myprofiles/profile1" file. +Note: exclude-token is deprecated, use noblacklist command instead. + .TP # this is a comment diff --git a/src/man/firejail.txt b/src/man/firejail.txt index 62176b84f..cfd00456b 100644 --- a/src/man/firejail.txt +++ b/src/man/firejail.txt @@ -704,6 +704,10 @@ Example: .br $ firejail \-\-private=/home/netblue/firefox-home firefox +.TP +\fB\-\-private-keep=file,directory +This option is deprecated, use private-home instead + .TP \fB\-\-private-home=file,directory Build a new user home in a temporary diff --git a/test/profile_syntax2.exp b/test/profile_syntax2.exp index cd514aa0e..7c5d1b5cd 100755 --- a/test/profile_syntax2.exp +++ b/test/profile_syntax2.exp @@ -28,11 +28,11 @@ expect { } expect { timeout {puts "TESTING ERROR 5\n";exit} - "Initialize seccomp filter" + "SECCOMP Filter" } expect { timeout {puts "TESTING ERROR 6\n";exit} - "Blacklisting syscall" + "BLACKLIST" } expect { timeout {puts "TESTING ERROR 7\n";exit} diff --git a/test/seccomp-debug.exp b/test/seccomp-debug.exp index a7b89912a..1034f040e 100755 --- a/test/seccomp-debug.exp +++ b/test/seccomp-debug.exp 
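Review bot: In test/profile_syntax2.exp the timeout branches around the two updated patterns end in a bare `exit`, which in Expect returns status 0. A run that never prints `"SECCOMP Filter"` or `"BLACKLIST"` therefore still exits successfully, and the failure is visible only to a harness that greps the output for `TESTING ERROR`. For tests guarding a seccomp filter, a non-zero status is safer, e.g. `timeout {puts "TESTING ERROR 5\n";exit 1}`. The timeout branches in test/seccomp-debug.exp in this commit have the same form. The script starts and ends outside the hunk, so the other branches are not visible here.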
@@ -7,11 +7,7 @@ match_max 100000 send -- "firejail --seccomp --debug\r" expect { timeout {puts "TESTING ERROR 0\n";exit} - "Blacklisting syscall" -} -expect { - timeout {puts "TESTING ERROR 1\n";exit} - "open_by_handle_at" + "SECCOMP Filter" } expect { timeout {puts "TESTING ERROR 2\n";exit} @@ -28,5 +24,5 @@ expect { sleep 2 send -- "exit\r" -sleep 1 -puts "\n" +after 100 +puts "all done\n" diff --git a/todo b/todo index 4c90af913..badaf7c66 100644 --- a/todo +++ b/todo @@ -27,5 +27,8 @@ Warning: failed to unmount /sys Child process initialized $ -3. default.profile creating problems for --chroot, --overlay, --private-home +3. Remove private.keep in 0.9.34 release (deprecated in 0.9.30) + +4. Remove exclude-token from profile include in 0.9.34 (deprecated in 0.9.30) + -- cgit v1.2.3-70-g09d2
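Review bot: In test/seccomp-debug.exp the first hunk removes the only visible assertion that named a specific syscall, `"open_by_handle_at"`, and the replacement pattern `"SECCOMP Filter"` only confirms that a banner was printed. The test would then keep passing if the default filter lost that entry, although expect blocks outside the hunk may still cover it. Consider keeping one per-entry check in the new output format: test/profile_syntax2.exp in this commit expects `"BLACKLIST"` after the banner, so presumably a second `expect` block matching `"BLACKLIST"` would work here, plus the syscall name if the new debug output prints it. The error labels also now jump from `TESTING ERROR 0` to `TESTING ERROR 2`, which makes a failure harder to map back to a step.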