tag name | 0.9.46 (c09bb9e7fb6e1fa336037042d72ec5838b19c2bc) |
tag date | 2017-05-15 10:31:40 -0400 |
tagged by | netblue30 <netblue30@yahoo.com> |
tagged object | commit f66ee476eb... |
download | firejail-0.9.46.tar.gz firejail-0.9.46.tar.zst firejail-0.9.46.zip |
---|
Version 0.9.46
* security: split most of networking code in a separate executable
* security: split seccomp filter code configuration in a separate executable
* security: split file copying in private option in a separate executable
* feature: disable gnupg and systemd directories under /run/user
* feature: test coverage (gcov) support
* feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
* feature: private /opt directory (--private-opt, profile support)
* feature: private /srv directory (--private-srv, profile support)
* feature: spoof machine-id (--machine-id, profile support)
* feature: allow blacklists under --private (--allow-private-blacklist,
profile support)
* feature: user-defined /etc/hosts file (--hosts-file, profile support)
* feature: support for the real /var/log directory (--writable-var-log,
profile support)
* feature: config support for firejail prompt in terminals
* feature: AppImage type 2 support
* feature: pass command line arguments to appimages
* feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
* feature: added a number of Python scripts for handling sandboxes
* feature: allow local customization using .local files under /etc/firejail
* feature: follow-symlink-as-user runtime config option in
/etc/firejail/firejail.config
* feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
* feature: xvfb X11 server support (--x11=xvfb)
* feature: allow /tmp directory in mkdir and mkfile profile commands
* feature: implemented --noblacklist command, profile support
* feature: config support to disable access to /mnt and /media (disable-mnt)
* feature: config support to disable join (join)
* feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
* feature: support overlay, overlay-named and overlay-tmpfs in profile files
* feature: allow PulseAudio sockets in --private-tmp
* feature: --fix-sound support in firecfg
* feature: added support for sandboxing Xpra, Xvfb and Xephyr in
independent sandboxes when started with firejail --x11
* feature: enable automatic X server sandboxing for --x11=xpra
and --x11=xephyr
* feature: support for Xpra extra params in firejail config file
* new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
* new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
* new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
* new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
* new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
* new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
* new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
* new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
* new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
* new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict,
* new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
* new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
* new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
* new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
* new profiles: Blender, 2048-qt
* bugfixes