From 1ebdf894c675925109031b3fbb859478a2ece566 Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Fri, 16 Oct 2020 18:51:37 +0200 Subject: Allow --tmpfs inside $HOME for unprivileged users --tmpfs was added in 0.9.14 and restricted to root only in 0.9.38 due to priv-esc CVE-2016-10117 (e.g. --tmpfs=/etc and modify /etc/sudoers). This commit reintroduces it for normal users, if the realpath of it is inside users-home. --- RELNOTES | 3 +++ 1 file changed, 3 insertions(+) (limited to 'RELNOTES') diff --git a/RELNOTES b/RELNOTES index f38b42c4b..d9036898f 100644 --- a/RELNOTES +++ b/RELNOTES @@ -1,3 +1,6 @@ +firejail (0.9.65) baseline; urgency=low + * allow --tmpfs inside $HOME for unprivileged users + firejail (0.9.64) baseline; urgency=low * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from -- cgit v1.2.3-54-g00ecf
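Review bot: The new 0.9.65 entry at the top of RELNOTES ("allow --tmpfs inside $HOME for unprivileged users") leaves out the condition the commit message depends on, that the realpath of the target must be inside the user's home. Because this relaxes a restriction that was introduced for CVE-2016-10117, the entry should state that condition, for example "allow --tmpfs for unprivileged users when the realpath of the target is inside the user's home", so that readers of the release notes do not take it for a plain path-prefix match on $HOME. This view is limited to RELNOTES, so the check itself cannot be reviewed from these lines; it should be confirmed in the rest of the commit that the comparison is done on the resolved path and that a symlink inside the home pointing elsewhere (the /etc case named in the commit message) is rejected.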