From 957713cc3628a65fc01bbfafe866baf3842810d9 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 7 Sep 2017 10:22:10 -0400
Subject: 0.9.51 development starting
---
 README.md | 129 ++---------------------------------------------------------
 RELNOTES | 6 ++-
 configure | 18 ++++-----
 configure.ac | 2 +-
 4 files changed, 18 insertions(+), 137 deletions(-)
diff --git a/README.md b/README.md
index 26b76361e..26055300b 100644
--- a/README.md
+++ b/README.md
@@ -96,131 +96,8 @@ Use this issue to request new profiles: [#1139](https://github.com/netblue30/fir ````` ````` -# Current development version: 0.9.49 +# 0.9.50 release pending -## Travis-CI integration +Development moved on 0.9.50-bugfixes branch: https://github.com/netblue30/firejail/tree/0.9.50-bugfixes -Check the status of the latest build here: https://travis-ci.org/netblue30/firejail - -## New command options: -````` - --disable-mnt - Disable /mnt, /media, /run/mount and /run/media access. - - Example: - $ firejail --disable-mnt firefox - - --xephyr-screen=WIDTHxHEIGHT - Set screen size for --x11=xephyr. The setting will overwrite the - default set in /etc/firejail/firejail.config for the current - sandbox. Run xrandr to get a list of supported resolutions on - your computer. - - Example: - $ firejail --net=eth0 --x11=xephyr --xephyr-screen=640x480 fire‐ - fox - - --output-stderr=logfile - Similar to --output, but stderr is also stored. - - --notv Disable DVB (Digital Video Broadcasting) TV devices. - - Example: - $ firejail --notv vlc - - --nodvd - Disable DVD and audio CD devices. - - Example: - $ firejail --nodvd - - --memory-deny-write-execute - Install a seccomp filter to block attempts to create memory - mappings that are both writable and executable, to change map‐ - pings to be executable or to create executable shared memory. - - --private-lib=file,directory - This feature is currently under heavy development. Only amd64 - platforms are supported at this moment. The idea is to build a - new /lib in a temporary filesystem, with only the library files - necessary to run the application. 
It could be as simple as: - - $ firejail --private-lib galculator - - but it gets complicated really fast: - - $ firejail --private-lib=x86_64-linux-gnu/xed,x86_64-linux- - gnu/gdk-pixbuf-2.0,libenchant.so.1,librsvg-2.so.2 xed - - The feature is integrated with --private-bin: - - $ firejail --private-lib --private-bin=bash,ls,ps - $ ls /lib - ld-linux-x86-64.so.2 libgpg-error.so.0 libprocps.so.6 libsys‐ - temd.so.0 - libc.so.6 liblz4.so.1 libpthread.so.0 libtinfo.so.5 - libdl.so.2 liblzma.so.5 librt.so.1 x86_64-linux-gnu - libgcrypt.so.20 libpcre.so.3 libselinux.so.1 - $ ps - PID TTY TIME CMD - 1 pts/0 00:00:00 firejail - 45 pts/0 00:00:00 bash - 48 pts/0 00:00:00 ps - $ - - --seccomp.block_secondary - Enable seccomp filter and filter system call architectures so - that only the native architecture is allowed. For example, on - amd64, i386 and x32 system calls are blocked as well as chang‐ - ing the execution domain with personality(2) system call. - - --profile.print=name|pid - Print the name of the profile file for the sandbox identified - by name or or PID. - - Example: - $ firejail --profile.print=browser - /etc/firejail/firefox.profile - - -````` - -## /etc/firejail/firejail.config - -````` -# Number of ARP probes sent when assigning an IP address for --net option, -# default 2. This is a partial implementation of RFC 5227. A 0.5 seconds -# timeout is implemented for each probe. Increase this number to 4 if your -# local layer 2 network uses RSTP (IEEE 802.1w). Permitted values are -# between 1 and 30. -# arp-probes 2 - -# Enable this option if you have a version of Xpra that supports --attach switch -# for start command, default disabled. 
-# xpra-attach no - - -````` - - -## Default seccomp list update - -The following syscalls have been added: -afs_syscall, bdflush, break, ftime, getpmsg, gtty, lock, mpx, pciconfig_iobase, pciconfig_read, -pciconfig_write, prof, profil, putpmsg, rtas, s390_runtime_instr, s390_mmio_read, s390_mmio_write, -security, setdomainname, sethostname, sgetmask, ssetmask, stty, subpage_prot, switch_endian, -ulimit, vhangup, vserver. This brings us to a total of 91 syscalls blacklisted by default. - -get_mempolicy syscall was temporarily removed from the default seccomp list. It seems to break -playing youtube videos on Firefox Nightly. - - - -## New profiles: - -curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, -IntelliJ IDEA, Android Studio, electron, riot-web, -Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux, -telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, -remmina, sdat2img, soundconverter, sqlitebrowse, truecraft, gnome-twitch, tuxguitar, -musescore, neverball, Yandex Browser, minetest +# Current development version: 0.9.51 diff --git a/RELNOTES b/RELNOTES index 47b337c2f..eea0d4a3a 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,5 +1,9 @@ -firejail (0.9.50~rc1) baseline; urgency=low +firejail (0.9.51) baseline; urgency=low * work in progress! + -- netblue30 Mon, 12 Jun 2017 20:00:00 -0500 + +firejail (0.9.50~rc1) baseline; urgency=low + * release pending! * modif: --output split in two commands, --output and --output-stderr * feature: per-profile disable-mnt (--disable-mnt) * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) diff --git a/configure b/configure index 2f14e0a83..e1cc0147f 100755 --- a/configure +++ b/configure 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for firejail 0.9.50~rc2. +# Generated by GNU Autoconf 2.69 for firejail 0.9.51. # # Report bugs to . # @@ -580,8 +580,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='firejail' PACKAGE_TARNAME='firejail' -PACKAGE_VERSION='0.9.50~rc2' -PACKAGE_STRING='firejail 0.9.50~rc2' +PACKAGE_VERSION='0.9.51' +PACKAGE_STRING='firejail 0.9.51' PACKAGE_BUGREPORT='netblue30@yahoo.com' PACKAGE_URL='http://firejail.wordpress.com' @@ -1276,7 +1276,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures firejail 0.9.50~rc2 to adapt to many kinds of systems. +\`configure' configures firejail 0.9.51 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1338,7 +1338,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of firejail 0.9.50~rc2:";; + short | recursive ) echo "Configuration of firejail 0.9.51:";; esac cat <<\_ACEOF @@ -1446,7 +1446,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -firejail configure 0.9.50~rc2 +firejail configure 0.9.51 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1748,7 +1748,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by firejail $as_me 0.9.50~rc2, which was +It was created by firejail $as_me 0.9.51, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -4367,7 +4367,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by firejail $as_me 0.9.50~rc2, which was +This file was extended by firejail $as_me 0.9.51, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -4421,7 +4421,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -firejail config.status 0.9.50~rc2 +firejail config.status 0.9.51 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index b9f3cbde9..e06512665 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.68]) -AC_INIT(firejail, 0.9.50~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) +AC_INIT(firejail, 0.9.51, netblue30@yahoo.com, , http://firejail.wordpress.com) AC_CONFIG_SRCDIR([src/firejail/main.c]) #AC_CONFIG_HEADERS([config.h]) -- cgit v1.2.3-54-g00ecf