New upstream version 0.9.54
Reiner Herrmann
5 years ago
0 | firejail (0.9.54~rc1) baseline; urgency=low | |
1 | * work in progress | |
0 | firejail (0.9.54) baseline; urgency=low | |
2 | 1 | * modif: --force removed |
3 | 2 | * modif: --csh, --zsh removed |
4 | 3 | * modif: --debug-check-filename removed |
47 | 46 | * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, |
48 | 47 | * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, |
49 | 48 | * new profiles: qmmp, sayonara |
50 | -- netblue30 <netblue30@yahoo.com> Sun, 6 May 2018 08:00:00 -0500 | |
49 | -- netblue30 <netblue30@yahoo.com> Wed, 16 May 2018 08:00:00 -0500 | |
51 | 50 | |
52 | 51 | firejail (0.9.52) baseline; urgency=low |
53 | 52 | * modif: --allow-private-blacklists was deprecated; blacklisting, |
0 | 0 | #! /bin/sh |
1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.54~rc2. | |
2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.54. | |
3 | 3 | # |
4 | 4 | # Report bugs to <netblue30@yahoo.com>. |
5 | 5 | # |
579 | 579 | # Identity of this package. |
580 | 580 | PACKAGE_NAME='firejail' |
581 | 581 | PACKAGE_TARNAME='firejail' |
582 | PACKAGE_VERSION='0.9.54~rc2' | |
583 | PACKAGE_STRING='firejail 0.9.54~rc2' | |
582 | PACKAGE_VERSION='0.9.54' | |
583 | PACKAGE_STRING='firejail 0.9.54' | |
584 | 584 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
585 | 585 | PACKAGE_URL='http://firejail.wordpress.com' |
586 | 586 | |
1276 | 1276 | # Omit some internal or obsolete options to make the list less imposing. |
1277 | 1277 | # This message is too long to be a string in the A/UX 3.1 sh. |
1278 | 1278 | cat <<_ACEOF |
1279 | \`configure' configures firejail 0.9.54~rc2 to adapt to many kinds of systems. | |
1279 | \`configure' configures firejail 0.9.54 to adapt to many kinds of systems. | |
1280 | 1280 | |
1281 | 1281 | Usage: $0 [OPTION]... [VAR=VALUE]... |
1282 | 1282 | |
1338 | 1338 | |
1339 | 1339 | if test -n "$ac_init_help"; then |
1340 | 1340 | case $ac_init_help in |
1341 | short | recursive ) echo "Configuration of firejail 0.9.54~rc2:";; | |
1341 | short | recursive ) echo "Configuration of firejail 0.9.54:";; | |
1342 | 1342 | esac |
1343 | 1343 | cat <<\_ACEOF |
1344 | 1344 | |
1446 | 1446 | test -n "$ac_init_help" && exit $ac_status |
1447 | 1447 | if $ac_init_version; then |
1448 | 1448 | cat <<\_ACEOF |
1449 | firejail configure 0.9.54~rc2 | |
1449 | firejail configure 0.9.54 | |
1450 | 1450 | generated by GNU Autoconf 2.69 |
1451 | 1451 | |
1452 | 1452 | Copyright (C) 2012 Free Software Foundation, Inc. |
1748 | 1748 | This file contains any messages produced by compilers while |
1749 | 1749 | running configure, to aid debugging if configure makes a mistake. |
1750 | 1750 | |
1751 | It was created by firejail $as_me 0.9.54~rc2, which was | |
1751 | It was created by firejail $as_me 0.9.54, which was | |
1752 | 1752 | generated by GNU Autoconf 2.69. Invocation command line was |
1753 | 1753 | |
1754 | 1754 | $ $0 $@ |
4406 | 4406 | # report actual input values of CONFIG_FILES etc. instead of their |
4407 | 4407 | # values after options handling. |
4408 | 4408 | ac_log=" |
4409 | This file was extended by firejail $as_me 0.9.54~rc2, which was | |
4409 | This file was extended by firejail $as_me 0.9.54, which was | |
4410 | 4410 | generated by GNU Autoconf 2.69. Invocation command line was |
4411 | 4411 | |
4412 | 4412 | CONFIG_FILES = $CONFIG_FILES |
4460 | 4460 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
4461 | 4461 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
4462 | 4462 | ac_cs_version="\\ |
4463 | firejail config.status 0.9.54~rc2 | |
4463 | firejail config.status 0.9.54 | |
4464 | 4464 | configured by $0, generated by GNU Autoconf 2.69, |
4465 | 4465 | with options \\"\$ac_cs_config\\" |
4466 | 4466 |
0 | 0 | AC_PREREQ([2.68]) |
1 | AC_INIT(firejail, 0.9.54~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) | |
1 | AC_INIT(firejail, 0.9.54, netblue30@yahoo.com, , http://firejail.wordpress.com) | |
2 | 2 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
3 | 3 | #AC_CONFIG_HEADERS([config.h]) |
4 | 4 |
37 | 37 | # private-bin gedit |
38 | 38 | private-dev |
39 | 39 | # private-etc fonts |
40 | private-lib gedit,libgspell-1.so.1,gconv,aspell | |
40 | # private-lib temporarily disabled pending code fixes | |
41 | #private-lib gedit,libgspell-1.so.1,gconv,aspell | |
41 | 42 | private-tmp |
42 | 43 | |
43 | 44 | noexec ${HOME} |
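Review bot: The comment `# private-lib temporarily disabled pending code fixes` does not say which fix it is waiting for, so nothing triggers restoring the `private-lib` restriction and the profile may stay without it indefinitely. Naming the tracking issue or the firejail release expected to carry the fix, for example `# private-lib disabled until <issue reference>`, makes the re-enable condition checkable.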
6 | 6 | |
7 | 7 | noblacklist ${HOME}/.config/kritarc |
8 | 8 | noblacklist ${HOME}/.local/share/krita |
9 | ||
10 | # Allow python (blacklisted by disable-interpreters.inc) | |
11 | noblacklist ${PATH}/python2* | |
12 | noblacklist ${PATH}/python3* | |
13 | noblacklist /usr/lib/python2* | |
14 | noblacklist /usr/lib/python3* | |
9 | 15 | |
10 | 16 | include /etc/firejail/disable-common.inc |
11 | 17 | include /etc/firejail/disable-devel.inc |
21 | 21 | nosound |
22 | 22 | notv |
23 | 23 | # novideo |
24 | protocol unix,netlink | |
24 | protocol unix,inet,inet6,netlink | |
25 | 25 | # blacklisting of ioperm system calls breaks skanlite |
26 | 26 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
27 | 27 | shell none |
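Review bot: The widened `protocol unix,inet,inet6,netlink` at new line 24 has no comment explaining why the sandbox now needs IPv4/IPv6 sockets, unlike the ioperm exception documented on the line below it. A one-line reason above the directive, such as `# inet,inet6 needed for <feature>`, would let a later reviewer tell whether the relaxation is still required.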
12 | 12 | whitelist ${HOME}/.cache/vivaldi |
13 | 13 | whitelist ${HOME}/.config/vivaldi |
14 | 14 | |
15 | # nodbus breaks vivaldi sync | |
16 | ignore nodbus | |
17 | ||
15 | 18 | # Redirect |
16 | 19 | include /etc/firejail/chromium-common.profile |
123 | 123 | if (asprintf(&dest, "%s/%s", RUN_DNS_ETC, entry->d_name) == -1) |
124 | 124 | errExit("asprintf"); |
125 | 125 | |
126 | int symlink_done = 0; | |
126 | 127 | if (is_link(src)) { |
127 | 128 | char *rp =realpath(src, NULL); |
128 | 129 | if (rp == NULL) { |
132 | 133 | } |
133 | 134 | if (symlink(rp, dest)) |
134 | 135 | errExit("symlink"); |
136 | else | |
137 | symlink_done = 1; | |
135 | 138 | } |
136 | 139 | else if (S_ISDIR(s.st_mode)) |
137 | 140 | create_empty_dir_as_root(dest, s.st_mode); |
138 | 141 | else |
139 | 142 | create_empty_file_as_root(dest, s.st_mode); |
143 | ||
140 | 144 | // bind-mount src on top of dest |
141 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | |
142 | errExit("mount bind mirroring /etc"); | |
145 | if (!symlink_done) { | |
146 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | |
147 | errExit("mount bind mirroring /etc"); | |
148 | } | |
143 | 149 | fs_logger2("clone", src); |
144 | 150 | |
145 | 151 | free(src); |
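Review bot: `fs_logger2("clone", src)` at new line 149 still runs when the entry was recreated as a symlink, so the log reports a clone for a path that was never bind-mounted. Moving that call inside the `if (!symlink_done) { ... }` block, or logging the symlink case separately, keeps the log consistent with what the sandbox actually contains. The `else symlink_done = 1;` branch after `errExit("symlink")` is only needed if errExit can return, which it presumably cannot, so the flag could be set unconditionally after the call. The lines between new 129 and 133 are not shown, so whether `rp` is freed after `symlink()` cannot be checked here. The enclosing function starts and ends outside the hunk.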
40 | 40 | MountData *m = get_last_mount(); |
41 | 41 | |
42 | 42 | char *msg1; |
43 | char *msg2; | |
43 | char *msg2 = "Access error"; | |
44 | 44 | if (vasprintf(&msg1, fmt, args) != -1 && |
45 | 45 | asprintf(&msg2, "Access error: pid %d, last mount name:%s dir:%s type:%s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) |
46 | 46 | syslog(LOG_CRIT, "%s", msg2); |
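Review bot: The new initializer `char *msg2 = "Access error";` is a dependable fallback only when `vasprintf` fails; if the `asprintf(&msg2, ...)` call on line 45 itself fails, the contents of `msg2` are not guaranteed. Any later `free(msg2)` (not visible in this hunk) would also be handed a string literal on the `vasprintf` failure path. Keeping the two pointers separate avoids both problems: `char *msg2 = NULL;` plus `const char *out = "Access error";`, with `out = msg2;` on success. In the same format string the field is labelled `pid %d` but the argument is `getuid()`, so these LOG_CRIT entries record a uid under a pid label. `m` from `get_last_mount()` is dereferenced without a check, so confirm it cannot be NULL; the function continues outside the hunk.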