New upstream version 0.9.54
Reiner Herrmann
5 years ago
| 0 | firejail (0.9.54~rc1) baseline; urgency=low | |
| 1 | * work in progress | |
| 0 | firejail (0.9.54) baseline; urgency=low | |
| 2 | 1 | * modif: --force removed |
| 3 | 2 | * modif: --csh, --zsh removed |
| 4 | 3 | * modif: --debug-check-filename removed |
| 47 | 46 | * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, |
| 48 | 47 | * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, |
| 49 | 48 | * new profiles: qmmp, sayonara |
| 50 | -- netblue30 <netblue30@yahoo.com> Sun, 6 May 2018 08:00:00 -0500 | |
| 49 | -- netblue30 <netblue30@yahoo.com> Wed, 16 May 2018 08:00:00 -0500 | |
| 51 | 50 | |
| 52 | 51 | firejail (0.9.52) baseline; urgency=low |
| 53 | 52 | * modif: --allow-private-blacklists was deprecated; blacklisting, |
| 0 | 0 | #! /bin/sh |
| 1 | 1 | # Guess values for system-dependent variables and create Makefiles. |
| 2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.54~rc2. | |
| 2 | # Generated by GNU Autoconf 2.69 for firejail 0.9.54. | |
| 3 | 3 | # |
| 4 | 4 | # Report bugs to <netblue30@yahoo.com>. |
| 5 | 5 | # |
| 579 | 579 | # Identity of this package. |
| 580 | 580 | PACKAGE_NAME='firejail' |
| 581 | 581 | PACKAGE_TARNAME='firejail' |
| 582 | PACKAGE_VERSION='0.9.54~rc2' | |
| 583 | PACKAGE_STRING='firejail 0.9.54~rc2' | |
| 582 | PACKAGE_VERSION='0.9.54' | |
| 583 | PACKAGE_STRING='firejail 0.9.54' | |
| 584 | 584 | PACKAGE_BUGREPORT='netblue30@yahoo.com' |
| 585 | 585 | PACKAGE_URL='http://firejail.wordpress.com' |
| 586 | 586 | |
| 1276 | 1276 | # Omit some internal or obsolete options to make the list less imposing. |
| 1277 | 1277 | # This message is too long to be a string in the A/UX 3.1 sh. |
| 1278 | 1278 | cat <<_ACEOF |
| 1279 | \`configure' configures firejail 0.9.54~rc2 to adapt to many kinds of systems. | |
| 1279 | \`configure' configures firejail 0.9.54 to adapt to many kinds of systems. | |
| 1280 | 1280 | |
| 1281 | 1281 | Usage: $0 [OPTION]... [VAR=VALUE]... |
| 1282 | 1282 | |
| 1338 | 1338 | |
| 1339 | 1339 | if test -n "$ac_init_help"; then |
| 1340 | 1340 | case $ac_init_help in |
| 1341 | short | recursive ) echo "Configuration of firejail 0.9.54~rc2:";; | |
| 1341 | short | recursive ) echo "Configuration of firejail 0.9.54:";; | |
| 1342 | 1342 | esac |
| 1343 | 1343 | cat <<\_ACEOF |
| 1344 | 1344 | |
| 1446 | 1446 | test -n "$ac_init_help" && exit $ac_status |
| 1447 | 1447 | if $ac_init_version; then |
| 1448 | 1448 | cat <<\_ACEOF |
| 1449 | firejail configure 0.9.54~rc2 | |
| 1449 | firejail configure 0.9.54 | |
| 1450 | 1450 | generated by GNU Autoconf 2.69 |
| 1451 | 1451 | |
| 1452 | 1452 | Copyright (C) 2012 Free Software Foundation, Inc. |
| 1748 | 1748 | This file contains any messages produced by compilers while |
| 1749 | 1749 | running configure, to aid debugging if configure makes a mistake. |
| 1750 | 1750 | |
| 1751 | It was created by firejail $as_me 0.9.54~rc2, which was | |
| 1751 | It was created by firejail $as_me 0.9.54, which was | |
| 1752 | 1752 | generated by GNU Autoconf 2.69. Invocation command line was |
| 1753 | 1753 | |
| 1754 | 1754 | $ $0 $@ |
| 4406 | 4406 | # report actual input values of CONFIG_FILES etc. instead of their |
| 4407 | 4407 | # values after options handling. |
| 4408 | 4408 | ac_log=" |
| 4409 | This file was extended by firejail $as_me 0.9.54~rc2, which was | |
| 4409 | This file was extended by firejail $as_me 0.9.54, which was | |
| 4410 | 4410 | generated by GNU Autoconf 2.69. Invocation command line was |
| 4411 | 4411 | |
| 4412 | 4412 | CONFIG_FILES = $CONFIG_FILES |
| 4460 | 4460 | cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 |
| 4461 | 4461 | ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" |
| 4462 | 4462 | ac_cs_version="\\ |
| 4463 | firejail config.status 0.9.54~rc2 | |
| 4463 | firejail config.status 0.9.54 | |
| 4464 | 4464 | configured by $0, generated by GNU Autoconf 2.69, |
| 4465 | 4465 | with options \\"\$ac_cs_config\\" |
| 4466 | 4466 | |
| 0 | 0 | AC_PREREQ([2.68]) |
| 1 | AC_INIT(firejail, 0.9.54~rc2, netblue30@yahoo.com, , http://firejail.wordpress.com) | |
| 1 | AC_INIT(firejail, 0.9.54, netblue30@yahoo.com, , http://firejail.wordpress.com) | |
| 2 | 2 | AC_CONFIG_SRCDIR([src/firejail/main.c]) |
| 3 | 3 | #AC_CONFIG_HEADERS([config.h]) |
| 4 | 4 |
| 37 | 37 | # private-bin gedit |
| 38 | 38 | private-dev |
| 39 | 39 | # private-etc fonts |
| 40 | private-lib gedit,libgspell-1.so.1,gconv,aspell | |
| 40 | # private-lib temporarily disabled pending code fixes | |
| 41 | #private-lib gedit,libgspell-1.so.1,gconv,aspell | |
| 41 | 42 | private-tmp |
| 42 | 43 | |
| 43 | 44 | noexec ${HOME} |
| 6 | 6 | |
| 7 | 7 | noblacklist ${HOME}/.config/kritarc |
| 8 | 8 | noblacklist ${HOME}/.local/share/krita |
| 9 | ||
| 10 | # Allow python (blacklisted by disable-interpreters.inc) | |
| 11 | noblacklist ${PATH}/python2* | |
| 12 | noblacklist ${PATH}/python3* | |
| 13 | noblacklist /usr/lib/python2* | |
| 14 | noblacklist /usr/lib/python3* | |
| 9 | 15 | |
| 10 | 16 | include /etc/firejail/disable-common.inc |
| 11 | 17 | include /etc/firejail/disable-devel.inc |
| 21 | 21 | nosound |
| 22 | 22 | notv |
| 23 | 23 | # novideo |
| 24 | protocol unix,netlink | |
| 24 | protocol unix,inet,inet6,netlink | |
| 25 | 25 | # blacklisting of ioperm system calls breaks skanlite |
| 26 | 26 | seccomp.drop @clock,@cpu-emulation,@debug,@module,@obsolete,@reboot,@resources,@swap,acct,add_key,bpf,chroot,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,iopl,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,pciconfig_iobase,pciconfig_read,pciconfig_write,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,s390_mmio_read,s390_mmio_write,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice |
| 27 | 27 | shell none |
| 12 | 12 | whitelist ${HOME}/.cache/vivaldi |
| 13 | 13 | whitelist ${HOME}/.config/vivaldi |
| 14 | 14 | |
| 15 | # nodbus breaks vivaldi sync | |
| 16 | ignore nodbus | |
| 17 | ||
| 15 | 18 | # Redirect |
| 16 | 19 | include /etc/firejail/chromium-common.profile |
| 123 | 123 | if (asprintf(&dest, "%s/%s", RUN_DNS_ETC, entry->d_name) == -1) |
| 124 | 124 | errExit("asprintf"); |
| 125 | 125 | |
| 126 | int symlink_done = 0; | |
| 126 | 127 | if (is_link(src)) { |
| 127 | 128 | char *rp =realpath(src, NULL); |
| 128 | 129 | if (rp == NULL) { |
| 132 | 133 | } |
| 133 | 134 | if (symlink(rp, dest)) |
| 134 | 135 | errExit("symlink"); |
| 136 | else | |
| 137 | symlink_done = 1; | |
| 135 | 138 | } |
| 136 | 139 | else if (S_ISDIR(s.st_mode)) |
| 137 | 140 | create_empty_dir_as_root(dest, s.st_mode); |
| 138 | 141 | else |
| 139 | 142 | create_empty_file_as_root(dest, s.st_mode); |
| 143 | ||
| 140 | 144 | // bind-mount src on top of dest |
| 141 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | |
| 142 | errExit("mount bind mirroring /etc"); | |
| 145 | if (!symlink_done) { | |
| 146 | if (mount(src, dest, NULL, MS_BIND|MS_REC, NULL) < 0) | |
| 147 | errExit("mount bind mirroring /etc"); | |
| 148 | } | |
| 143 | 149 | fs_logger2("clone", src); |
| 144 | 150 | |
| 145 | 151 | free(src); |
| 40 | 40 | MountData *m = get_last_mount(); |
| 41 | 41 | |
| 42 | 42 | char *msg1; |
| 43 | char *msg2; | |
| 43 | char *msg2 = "Access error"; | |
| 44 | 44 | if (vasprintf(&msg1, fmt, args) != -1 && |
| 45 | 45 | asprintf(&msg2, "Access error: pid %d, last mount name:%s dir:%s type:%s - %s", getuid(), m->fsname, m->dir, m->fstype, msg1) != -1) |
| 46 | 46 | syslog(LOG_CRIT, "%s", msg2); |