Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
firejail.15764
firejail.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File firejail.changes of Package firejail.15764
------------------------------------------------------------------- Tue Feb 9 21:08:15 UTC 2021 - Sebastian Wagner <sebix+novell.com@sebix.at> - Bring firejail 0.9.64.4 to Leap 15.2 - fixes boo#1181990 - fixes CVE-2021-26910 ------------------------------------------------------------------- Sun Feb 7 23:09:58 UTC 2021 - Илья Индиго <ilya@ilya.pp.ua> - Update to 0.9.64.4: * disabled overlayfs, pending multiple fixes * fixed launch firefox for open url in telegram-desktop.profile ------------------------------------------------------------------- Thu Jan 28 18:35:06 UTC 2021 - Илья Индиго <ilya@ilya.pp.ua> - Update to 0.9.64.2: * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option * allow AF_BLUETOOTH via --protocol=bluetooth * setup guide for new users: contrib/firejail-welcome.sh * implement netns in profiles * added nolocal6.net IPv6 network filter * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM. ------------------------------------------------------------------- Mon Nov 2 19:44:51 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at> - packaging fixes ------------------------------------------------------------------- Sun Nov 1 16:58:56 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at> - Update to version 0.9.64: * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. * DHCP client support * firecfg only fix dektop-files if started with sudo * SELinux labeling support * custom 32-bit seccomp filter support * restrict ${RUNUSER} in several profiles * blacklist shells such as bash in several profiles * whitelist globbing * mkdir and mkfile support for /run/user directory * support ignore for include * --include on the command line * splitting up media players whitelists in whitelist-players.inc * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski * new profiles: swell-foop, fdns, five-or-more, steam-runtime * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird * new profiles: freetube, strawberry, jitsi-meet-desktop * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send * new profiles: qrencode, ytmdesktop, twitch * new profiles: xournalpp, chromium-freeworld, equalx - remove firejail-0.9.62-fix-usr-etc.patch, included upstream - remove firejail-apparmor-3.0.diff, included upstream ------------------------------------------------------------------- Mon Oct 26 22:34:02 UTC 2020 - Christian Boltz <suse-beta@cboltz.de> - Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with AppArmor 3.0 (add missing include <tunables/global>) ------------------------------------------------------------------- Wed Aug 19 06:15:16 UTC 2020 - Paolo Stivanin <info@paolostivanin.com> - Update to 0.9.62.4 * fix AppArmor broken in the previous release * miscellaneous fixes ------------------------------------------------------------------- Thu Aug 13 06:13:57 UTC 2020 - Paolo Stivanin <info@paolostivanin.com> - Update to 0.9.62.2 * fix CVE-2020-17367 * fix CVE-2020-17368 * additional hardening and bug fixes - Remove fix-CVE-2020-17368.patch - Remove fix-CVE-2020-17367.patch ------------------------------------------------------------------- Sat Aug 8 16:56:43 UTC 2020 - Sebastian Wagner <sebix+novell.com@sebix.at> - Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986 ------------------------------------------------------------------- Wed Apr 29 11:30:38 UTC 2020 - Michael Vetter <mvetter@suse.com> - Add firejail-0.9.62-fix-usr-etc.patch: Check /usr/etc not just /etc - Replace python interpreter line in sort.py ------------------------------------------------------------------- Tue Feb 11 22:32:46 UTC 2020 - Marcus Rueckert <mrueckert@suse.de> - update to version 0.9.62 * added file-copy-limit in /etc/firejail/firejail.config * profile templates (/usr/share/doc/firejail) * allow-debuggers support in profiles * several seccomp enhancements * compiler flags autodetection * move chroot entirely from path based to file descriptor based mounts * whitelisting /usr/share in a large number of profiles * new scripts in conrib: gdb-firejail.sh and sort.py * enhancement: whitelist /usr/share in some profiles * added signal mediation to apparmor profile * new conditions: HAS_X11, HAS_NET * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123 * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123 * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird, * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc * new profiles: electron-mail, gist, gist-paste ------------------------------------------------------------------- Sun Jun 2 16:30:42 UTC 2019 - Sebastian Wagner <sebix+novell.com@sebix.at> - update to version 0.9.60: * security bug reported by Austin Morton: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. CVE-2019-12589 boo#1137139 * memory-deny-write-execute now also blocks memfd_create * add private-cwd option to control working directory within jail * blocking system D-Bus socket with --nodbus * bringing back Centos 6 support * drop support for flatpak/snap packages * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool * new profiles: netactview, redshift, devhelp, assogiate, subdownloader * new profiles: font-manager, exfalso, gconf-editor, dconf-editor * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata ------------------------------------------------------------------- Fri Feb 1 07:29:32 UTC 2019 - info@paolostivanin.com - update to version 0.9.58: * --disable-mnt rework * --net.print command * GitLab CI/CD integration: disto specific builds * profile parser enhancements and conditional handling support for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F * profile name support * added explicit nonewprivs support to join option * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms * new profiles: devilspie, devilspie2, easystroke, github-desktop, min * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland * new profiles: supertuxkart, ghostwriter, gajim-history-manager * bugfixes ------------------------------------------------------------------- Sat Sep 22 09:11:21 UTC 2018 - Sebastian Wagner <sebix+novell.com@sebix.at> - update to version 0.9.56: * modif: removed CFG_CHROOT_DESKTOP configuration option * modif: removed compile time --enable-network=restricted * modif: removed compile time --disable-bind * modif: --net=none allowed even if networking was disabled at compile time or at run time * modif: allow system users to run the sandbox * support wireless devices in --net option * support tap devices in --net option (tunneling support) * allow IP address configuration if the parent interface specified by --net is not configured (--netmask) * support for firetunnel utility * disable U2F devices (--nou2f) * add --private-cache to support private ~/.cache * support full paths in private-lib * globbing support in private-lib * support for local user directories in firecfg (--bindir) * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois, * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3 * new profiles: start-tor-browser.desktop ------------------------------------------------------------------- Tue Sep 11 08:12:48 UTC 2018 - Markos Chandras <mchandras@suse.de> - Drop ldconfig calls since firejail libraries are installed in their own subdirectory which is not scanned by ldconfig. ------------------------------------------------------------------- Mon Sep 10 08:58:32 UTC 2018 - Markos Chandras <mchandras@suse.de> - Remove the rpmlintrc file since the warnings are no longer relevant. ------------------------------------------------------------------- Thu Aug 23 19:34:44 UTC 2018 - sebix+novell.com@sebix.at - Changed the permissions of the firejail executable to 4750. Setuid mode is used, but only allowed for users in the newly created group 'firejail' (boo#1059013). - Update to version 0.9.54: * modif: --force removed * modif: --csh, --zsh removed * modif: --debug-check-filename removed * modif: --git-install and --git-uninstall removed * modif: support for private-bin, private-lib and shell none has been disabled while running AppImage archives in order to be able to use our regular profile files with AppImages. * modif: restrictions for /proc, /sys and /run/user directories are moved from AppArmor profile into firejail executable * modif: unifying Chromium and Firefox browsers profiles. All users of Firefox-based browsers who use addons and plugins that read/write from ${HOME} will need to uncomment the includes for firefox-common-addons.inc in firefox-common.profile. * modif: split disable-devel.inc into disable-devel and disable-interpreters.inc * Firejail user access database (/etc/firejail/firejail.users, man firejail-users) * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) * Spectre mitigation patch for gcc and clang compiler * D-Bus handling (--nodbus) * AppArmor support for overlayfs and chroot sandboxes * AppArmor support for AppImages * Enable AppArmor by default for a large number of programs * firejail --apparmor.print option * firemon --apparmor option * apparmor yes/no flag in /etc/firejail/firejail.config * seccomp syscall list update for glibc 2.26-10 * seccomp disassembler for --seccomp.print option * seccomp machine code optimizer for default seccomp filters * IPv6 DNS support * whitelist support for overlay and chroot sandboxes * private-dev support for overlay and chroot sandboxes * private-tmp support for overlay and chroot sandboxes * added sandbox name support in firemon * firemon/prctl enhancements * noblacklist support for /sys/module directory * whitelist support for /sys/module directory * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, * new profiles: qmmp, sayonara ------------------------------------------------------------------- Wed Dec 13 00:54:11 UTC 2017 - avindra@opensuse.org - Update to version 0.9.52: * New features + systemd-resolved integration + whitelisted /var in most profiles + GTK2, GTK3 and Qt4 private-lib support + --debug-private-lib + test deployment of private-lib for the some apps: evince, galculator, gnome-calculator, leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, atril, mate-color-select, tar, file, strings, gpicview, eom, eog, gedit, pluma + netfilter template support + various new arguments * --writable-run-user * --rlimit-as * --rlimit-cpu * --timeout * --build (profile build tool) * --netfilter.print * --netfilter6.print * deprecations in modif + --allow-private-blacklists (blacklisting, read-only, read-write, tmpfs and noexec are allowed in private home directories + remount-proc-sys (firejail.config) + follow-symlink-private-bin (firejail.config) + --profile-path * enhancements + support Firejail user config directory in firecfg + disable DBus activation in firecfg + enumerate root directories in apparmor profile + /etc and /usr/share whitelisting support + globbing support for --private-bin * new profiles: upstreamed profiles from 3 sources: + https://github.com/chiraag-nataraj/firejail-profiles + https://github.com/nyancat18/fe + https://aur.archlinux.org/packages/firejail-profiles * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,imagej, karbon, 1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4 - Add full link to source tarball from sourceforge - Add asc file ------------------------------------------------------------------- Sat Sep 9 14:40:29 UTC 2017 - aavindraa@gmail.com - Update to version 0.9.50: * New features: - per-profile disable-mnt (--disable-mnt) - per-profile support to set X11 Xephyr screen size (--xephyr-screen) - private /lib directory (--private-lib) - disable CDROM/DVD drive (--nodvd) - disable DVB devices (--notv) - --profile.print * modif: --output split in two commands, --output and --output-stderr * set xpra-attach yes in /etc/firejail/firejail.config * Enhancements: - print all seccomp filters under --debug - /proc/sys mounting - rework IP address assingment for --net options - support for newer Xpra versions (2.1+) - - all profiles use a standard layout style - create /usr/local for firecfg if the directory doesn't exist - allow full paths in --private-bin * New seccomp features: - --memory-deny-write-execute - seccomp post-exec - block secondary architecture (--seccomp.block_secondary) - seccomp syscall groups - print all seccomp filters under --debug - default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio, electron, riot-web, Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter truecraft, gnome-twitch, tuxguitar, musescore, neverball sqlitebrowse, Yandex Browser, minetest ------------------------------------------------------------------- Tue Aug 15 15:47:49 CEST 2017 - tiwai@suse.de - Update to version 0.9.48: * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile * feature: --novideo * feature: drop discretionary access control capabilities for root sandboxes * feature: added /etc/firejail/globals.local for global customizations * feature: profile support in overlayfs mode * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake * bugfixes ------------------------------------------------------------------- Mon Jan 16 16:33:59 CET 2017 - tiwai@suse.de - Update to version 0.9.44.4: * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) * disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206) * root exploit found by Sebastian Krahmer (CVE-2017-5180) - Update to version 0.9.44.6: * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week * major cleanup of file copying code * tightening the rules for --chroot and --overlay features * ported Gentoo compile patch * Nvidia drivers bug in --private-dev * fix ASSERT_PERMS_FD macro * allow local customization using .local files under /etc/firejail backported from our development branch * spoof machine-id backported from our development branch - Remove obsoleted patches: firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch ------------------------------------------------------------------- Thu Jan 5 10:38:43 CET 2017 - tiwai@suse.de - Update to version 0.9.44.2: Security fixes: * overwrite /etc/resolv.conf found by Martin Carpenter * TOCTOU exploit for –get and –put found by Daniel Hodson * invalid environment exploit found by Martin Carpenter * several security enhancements Bugfixes: * crashing VLC by pressing Ctrl-O * use user configured icons in KDE * mkdir and mkfile are not applied to private directories * cannot open files on Deluge running under KDE * –private=dir where dir is the user home directory * cannot start Vivaldi browser * cannot start mupdf * ssh profile problems * –quiet * quiet in git profile * memory corruption - Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259): firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch ------------------------------------------------------------------- Thu Oct 27 17:49:48 CEST 2016 - tiwai@suse.de - Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution ------------------------------------------------------------------- Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de - Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) Build options: * Busybox support (–enable-busybox-workaround) * disable overlayfs (–disable-overlayfs) * disable whitlisting (–disable-whitelist) * disable global config (–disable-globalcfg) Runtime options: * enable/disable overlayfs (overlayfs yes/no) * enable/disable quiet as default (quiet-by-default yes/no) * user-defined network filter (netfilter-default) * enable/disable whitelisting (whitelist yes/no) * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) * enable/disable chroot desktop features (chroot-desktop yes/no) New/updated profiels: * Gitter, gThumb, mpv, Franz messenger, LibreOffice * pix, audacity, xz, xzdec, gzip, cpio, less * Atom Beta, Atom, jitsi, eom, uudeview * tar (gtar), unzip, unrar, file, skypeforlinux, * inox, Slack, gnome-chess. Gajim IM client, DOSBox - Enable apparmor support ------------------------------------------------------------------- Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de - Update to version 0.9.40: * Added firecfg utility * New options: -nice, -cpu.print, -writable-etc, -writable-var, -read-only * X11 support: -x11 option (-x11=xpra, -x11=xephr) * Filetransfer options: –ls and –get * Added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * Run time config support, man firejail-config * AppArmor fixes * Default seccomp filter update * Disable STUN/WebRTC in default netfilter configuration * Lots of new profiles ------------------------------------------------------------------- Tue May 17 17:13:03 CEST 2016 - tiwai@suse.de - initial package: 0.9.38
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor