Version 0.9.46

  * security: split most of networking code in a separate executable
  * security: split seccomp filter code configuration in a separate executable
  * security: split file copying in private option in a separate executable
  * feature: disable gnupg and systemd directories under /run/user
  * feature: test coverage (gcov) support
  * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
  * feature: private /opt directory (--private-opt, profile support)
  * feature: private /srv directory (--private-srv, profile support)
  * feature: spoof machine-id (--machine-id, profile support)
  * feature: allow blacklists under --private (--allow-private-blacklist,
    profile support)
  * feature: user-defined /etc/hosts file (--hosts-file, profile support)
  * feature: support for the real /var/log directory (--writable-var-log,
    profile support)
  * feature: config support for firejail prompt in terminals
  * feature: AppImage type 2 support
  * feature: pass command line arguments to appimages
  * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
  * feature: added a number of Python scripts for handling sandboxes
  * feature: allow local customization using .local files under /etc/firejail
  * feature: follow-symlink-as-user runtime config option in
    /etc/firejail/firejail.config
  * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
  * feature: xvfb X11 server support (--x11=xvfb)
  * feature: allow /tmp directory in mkdir and mkfile profile commands
  * feature: implemented --noblacklist command, profile support
  * feature: config support to disable access to /mnt and /media (disable-mnt)
  * feature: config support to disable join (join)
  * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
  * feature: support overlay, overlay-named and overlay-tmpfs in profile files
  * feature: allow PulseAudio sockets in --private-tmp
  * feature: --fix-sound support in firecfg
  * feature: added support for sandboxing Xpra, Xvfb and Xephyr in
    independent sandboxes when started with firejail --x11
  * feature: enable automatic X server sandboxing for --x11=xpra
    and --x11=xephyr
  * feature: support for Xpra extra params in firejail config file
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
  * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
  * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
  * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
  * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
  * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
  * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
  * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,
  * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
  * new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
  * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
  * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
  * new profiles: Blender, 2048-qt
  * bugfixes