diff --git a/firejail-0.9.52.tar.xz b/firejail-0.9.52.tar.xz
deleted file mode 100644
index 51aa3e9..0000000
--- a/firejail-0.9.52.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:da14c93ebc0e8deb420ab9979d1c006ecc98b5b310b27cae43f0c623c9471471
-size 299396
diff --git a/firejail-0.9.52.tar.xz.asc b/firejail-0.9.52.tar.xz.asc
deleted file mode 100644
index ce0c8be..0000000
--- a/firejail-0.9.52.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCAAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAlov3ecACgkQLMs2rfxY
-Sacd1wgAj56JTfDnNkG5LcUfeONcRqd430QzV8QH1eK8mQrAHwkQYhikxvG0J4/R
-LndJ1OsrDy+QokXWlWGpp+zSj/FMnCYZs28DKm7jMyKHagdcB96QYaz+jVDQERtx
-e6rxTWiz6J/kVXx+7yG8UxSXMzP1ScmsmpleaIKPQWQbhrUw0rSp8lNIEuvegCdB
-uXThrWvL/9raonWfaES4fJw7LO90BfA3CGJsmUGaibXi2K4Fjorugbn0bikiQQMI
-0Y2/7a9cSa4qtRmvOL3b5hScr2Vc1vLEwsssrjQMhLSwf2wcBGqcgLVoP5sc5ZWQ
-js8LbOhwgosJouLCQswqGnZbsdMo8Q==
-=3zHj
------END PGP SIGNATURE-----
diff --git a/firejail-0.9.54.tar.xz b/firejail-0.9.54.tar.xz
new file mode 100644
index 0000000..9190004
--- /dev/null
+++ b/firejail-0.9.54.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ce996854278863f3e91ff185198c7cc1377fb70053d37a43e3b1ef1021c57756
+size 315884
diff --git a/firejail-0.9.54.tar.xz.asc b/firejail-0.9.54.tar.xz.asc
new file mode 100644
index 0000000..464197f
--- /dev/null
+++ b/firejail-0.9.54.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCAAdFiEE+VEWSZX1xABqc0EeLMs2rfxYSacFAlr8NyMACgkQLMs2rfxY
+Sadqpgf/fUTS0ITcZaMzBFQgWd2dvFBusAGD8HDkxgp7ITy8/t9i49Ix/0KJAzdE
+vrQmJ2+5emBVjG9R50t/1G+JxNMMg5e8mK2/XA4kHFVqtmws/E3islC169fOVObV
+EE4Gi6N6pTKoLholrLdZuvS7GyPCp3pf6WWLZkpCOAx73j3RCdIiXdP1iSf2uZLQ
+/5+QBIQO8g+E1RpLls18QyNuQz4kw988w9/6dzvha5lFB5DMdPgjEzAL50B6Etiq
+pLtziooy58kWiFpTfDRi3//xfpTSIYa0QIwFyy4sUUbiifv+Lvqe42cqD+AK9/6H
+1rLWthvezOS4aSizp+ApGlQaFrOI8w==
+=fc0E
+-----END PGP SIGNATURE-----
diff --git a/firejail.changes b/firejail.changes
index f92fd47..f19a22f 100644
--- a/firejail.changes
+++ b/firejail.changes
@@ -1,3 +1,59 @@
+-------------------------------------------------------------------
+Thu Aug 23 19:34:44 UTC 2018 - sebix+novell.com@sebix.at
+
+- Changed the permissions of the firejail executable to 4750.
+ Setuid mode is used, but only allowed for users in the newly
+ created group 'firejail' (boo#1059013).
+- Update to version 0.9.54:
+ * modif: --force removed
+ * modif: --csh, --zsh removed
+ * modif: --debug-check-filename removed
+ * modif: --git-install and --git-uninstall removed
+ * modif: support for private-bin, private-lib and shell none has been
+ disabled while running AppImage archives in order to be able to use
+ our regular profile files with AppImages.
+ * modif: restrictions for /proc, /sys and /run/user directories
+ are moved from AppArmor profile into firejail executable
+ * modif: unifying Chromium and Firefox browsers profiles.
+ All users of Firefox-based browsers who use addons and plugins
+ that read/write from ${HOME} will need to uncomment the includes for
+ firefox-common-addons.inc in firefox-common.profile.
+ * modif: split disable-devel.inc into disable-devel and
+ disable-interpreters.inc
+ * Firejail user access database (/etc/firejail/firejail.users,
+ man firejail-users)
+ * add --noautopulse to disable automatic ~/.config/pulse (for complex setups)
+ * Spectre mitigation patch for gcc and clang compiler
+ * D-Bus handling (--nodbus)
+ * AppArmor support for overlayfs and chroot sandboxes
+ * AppArmor support for AppImages
+ * Enable AppArmor by default for a large number of programs
+ * firejail --apparmor.print option
+ * firemon --apparmor option
+ * apparmor yes/no flag in /etc/firejail/firejail.config
+ * seccomp syscall list update for glibc 2.26-10
+ * seccomp disassembler for --seccomp.print option
+ * seccomp machine code optimizer for default seccomp filters
+ * IPv6 DNS support
+ * whitelist support for overlay and chroot sandboxes
+ * private-dev support for overlay and chroot sandboxes
+ * private-tmp support for overlay and chroot sandboxes
+ * added sandbox name support in firemon
+ * firemon/prctl enhancements
+ * noblacklist support for /sys/module directory
+ * whitelist support for /sys/module directory
+ * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed,
+ * new profiles: discord-canary, pycharm-community, pycharm-professional,
+ * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine,
+ * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes,
+ * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer,
+ * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud,
+ * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2,
+ * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack,
+ * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion,
+ * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind,
+ * new profiles: qmmp, sayonara
+
 -------------------------------------------------------------------
 Wed
Dec 13 00:54:11 UTC 2017 - avindra@opensuse.org diff --git a/firejail.spec b/firejail.spec index c5c7b23..d7f82ed 100644 --- a/firejail.spec +++ b/firejail.spec @@ -17,7 +17,7 @@ Name: firejail -Version: 0.9.52 +Version: 0.9.54 Release: 0 Summary: Linux namepaces sandbox program License: GPL-2.0 @@ -28,7 +28,9 @@ Source1: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar. Source2: %{name}.rpmlintrc BuildRequires: gcc-c++ BuildRequires: libapparmor-devel -Requires(pre): permissions +BuildRequires: fdupes +Requires(pre): shadow +PreReq: permissions %description Firejail is a SUID sandbox program that reduces the risk of security @@ -41,14 +43,20 @@ Linux namespace support. It supports sandboxing specific users upon login. %prep %setup -q +sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' contrib/fj-mkdeb.py contrib/fjclip.py contrib/fjdisplay.py contrib/fjresize.py %build %configure --docdir=%{_docdir}/%{name} \ --enable-apparmor make %{?_smp_mflags} VERBOSE=1 +%pre +getent group firejail >/dev/null || groupadd -r firejail +exit 0 + %install %make_install +%fdupes -s %{buildroot} %post /sbin/ldconfig @@ -60,7 +68,7 @@ make %{?_smp_mflags} VERBOSE=1 %postun -p /sbin/ldconfig %files -%verify(not user group mode) %{_bindir}/firejail +%attr(4750,root,firejail) %verify(not user group mode) %{_bindir}/firejail %{_bindir}/firecfg %{_bindir}/firemon %{_datadir}/bash-completion @@ -70,6 +78,9 @@ make %{?_smp_mflags} VERBOSE=1 %{_mandir}/man5/* %dir %{_sysconfdir}/%{name} %config %{_sysconfdir}/%{name}/* -%{_sysconfdir}/apparmor.d +%config %{_sysconfdir}/apparmor.d/firejail-default +%config %{_sysconfdir}/apparmor.d/local/firejail-local +%dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/local %changelog
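Review bot: `PreReq: permissions` swaps the scoped `Requires(pre): permissions` for a legacy tag that does not say which scriptlet needs the package. If the dependency exists because a scriptlet applies the permissions settings for the setuid binary, naming that scriptlet keeps install ordering explicit, e.g. `Requires(post): permissions` (assuming the call sits in %post, which this hunk does not show). The new `Requires(pre): shadow` line is correctly scoped for the `groupadd` that the commit adds in %pre.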
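Review bot: The unconditional `exit 0` at the end of the new `%pre` scriptlet hides a failed `groupadd -r firejail`, so installation would continue without the group that `%attr(4750,root,firejail)` in %files relies on. Since that group is what limits who may execute the setuid-root binary, it is safer to let the scriptlet fail: drop `exit 0`, or write `getent group firejail >/dev/null || groupadd -r firejail || exit 1`. A one-line comment such as `# group gates execution of the setuid firejail binary (boo#1059013)` above the command would also record why the group exists.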
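Review bot: The `%attr(4750,root,firejail)` line carries no comment, and the `%verify(not user group mode)` on the same line stops `rpm -V` from reporting a changed owner, group or mode on this setuid-root file. I would add `# setuid root, executable only by members of group firejail (boo#1059013)` above it. The scriptlets between the hunks are not visible here, so it is also worth confirming that a permissions check (`%verify_permissions` in a `%verifyscript`) covers `%{_bindir}/firejail`, so that drift is still detected. Membership of `firejail` now grants access to a setuid-root program and should be documented as a privileged group.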
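Review bot: `%config %{_sysconfdir}/apparmor.d/local/firejail-local` is marked as plain `%config`, so an upgrade that ships a changed file replaces the administrator's copy and leaves the old one as `.rpmsave`. Judging by its path this is the site-local override file, so local AppArmor rules could silently stop applying after an update; `%config(noreplace) %{_sysconfdir}/apparmor.d/local/firejail-local` keeps the edited file in place. Plain `%config` is reasonable for `firejail-default`, where the packaged profile should win.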