Commit Graph

55 Commits

Author SHA256 Message Date
Ismail Dönmez
7a7ff5e7fe Accepting request 448835 from home:tiwai:branches:Virtualization
- Update to version 0.9.44.2:
  Security fixes:
  * overwrite /etc/resolv.conf found by Martin Carpenter
  * TOCTOU exploit for --get and --put found by Daniel Hodson
  * invalid environment exploit found by Martin Carpenter
  * several security enhancements
  Bugfixes:
  * crashing VLC by pressing Ctrl-O
  * use user configured icons in KDE
  * mkdir and mkfile are not applied to private directories
  * cannot open files on Deluge running under KDE
  * --private=dir where dir is the user home directory
  * cannot start Vivaldi browser
  * cannot start mupdf
  * ssh profile problems
  * --quiet
  * quiet in git profile
  * memory corruption
- Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259):
  firejail-CVE-2017-5180-fix1.patch
  firejail-CVE-2017-5180-fix2.patch

OBS-URL: https://build.opensuse.org/request/show/448835
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=5
2017-01-07 09:27:56 +00:00
Ismail Dönmez
c5bd94cd19 Accepting request 437560 from home:tiwai:branches:Virtualization
- Update to version 0.9.44:
  * CVE-2016-7545 submitted by Aleksey Manevich
  Modifications:
  * removed man firejail-config
  * --private-tmp whitelists /tmp/.X11-unix directory
  * Nvidia drivers added to --private-dev
  * /srv supported by --whitelist
  New features:
  * allow user access to /sys/fs (--noblacklist=/sys/fs)
  * support starting/joining sandbox in a single command (--join-or-start)
  * X11 detection support for --audit
  * assign a name to the interface connected to the bridge (--veth-name)
  * all user home directories are visible (--allusers)
  * add files to sandbox container (--put)
  * blocking x11 (--x11=block)
  * X11 security extension (--x11=xorg)
  * disable 3D hardware acceleration (--no3d)
  * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
  * move files in sandbox (--put)
  * accept wildcard patterns in user name field of restricted shell login feature
  New profiles:
  * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
  * feh, ranger, zathura, 7z, keepass, keepassx,
  * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
  * Flowblade, Eye of GNOME (eog), Evolution

OBS-URL: https://build.opensuse.org/request/show/437560
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=4
2016-11-03 08:20:46 +00:00
555d6e90b4 Accepting request 431498 from home:tiwai:branches:Virtualization
- Update to version 0.9.42:
  Security fixes:
  * --whitelist deleted files
  * disable x32 ABI in seccomp
  * tighten --chroot
  * terminal sandbox escape
  * several TOCTOU fixes
  Behavior changes:
  * bringing back --private-home option
  * deprecated --user option, please use "sudo -u username firejail"
  * allow symlinks in home directory for --whitelist option
  * Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
  * recursive mkdir
  * include /dev/snd in --private-dev
  * seccomp filter update
  * release archives moved to .xz format
  New features:
  * AppImage support (--appimage)
  * AppArmor support (--apparmor)
  * Ubuntu snap support (/etc/firejail/snap.profile)
  * Sandbox auditing support (--audit)
  * remove environment variable (--rmenv)
  * noexec support (--noexec)
  * clean local overlay storage directory (--overlay-clean)
  * store and reuse overlay (--overlay-named)
  * allow debugging inside the sandbox with gdb and strace (--allow-debuggers)
  * mkfile profile command
  * quiet profile command
  * x11 profile command
  * option to fix desktop files (firecfg --fix)

OBS-URL: https://build.opensuse.org/request/show/431498
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=3
2016-10-13 08:58:49 +00:00
Ismail Dönmez
c0b4cdac0f Accepting request 400690 from home:tiwai:branches:Virtualization
- Update to version 0.9.40:
  * Added firecfg utility
  * New options: -nice, -cpu.print, -writable-etc, -writable-var,
    -read-only
  * X11 support: -x11 option (-x11=xpra, -x11=xephyr)
  * Filetransfer options: --ls and --get
  * Added mkdir, ipc-namespace, and nosound profile commands
  * added net, ip, defaultgw, ip6, mac, mtu and iprange profile
    commands
  * Run time config support, man firejail-config
  * AppArmor fixes
  * Default seccomp filter update
  * Disable STUN/WebRTC in default netfilter configuration
  * Lots of new profiles

OBS-URL: https://build.opensuse.org/request/show/400690
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=2
2016-06-08 17:13:02 +00:00
755e067884 Accepting request 397032 from home:tiwai:firejail
This is a request for a new package "firejail".
It's a lightweight sandbox using namespace and seccomp.

Let me know if Virtualization doesn't fit as the devel project for such a program.

OBS-URL: https://build.opensuse.org/request/show/397032
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=1
2016-05-24 05:12:25 +00:00