pool/firejail
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
555d6e90b4
firejail/firejail.changes
Olaf Hering 555d6e90b4 Accepting request 431498 from home:tiwai:branches:Virtualization 
- Update to version 0.9.42:
  Security fixes:
  * –whitelist deleted files
  * disable x32 ABI in seccomp
  * tighten –chroot
  * terminal sandbox escape
  * several TOCTOU fixes
  Behavior changes:
  * bringing back –private-home option
  * deprecated –user option, please use “sudo -u username firejail”
  * allow symlinks in home directory for –whitelist option
  * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
  * recursive mkdir
  * include /dev/snd in –private-dev
  * seccomp filter update
  * release archives moved to .xz format
  New features:
  * AppImage support (–appimage)
  * AppArmor support (–apparmor)
  * Ubuntu snap support (/etc/firejail/snap.profile)
  * Sandbox auditing support (–audit)
  * remove environment variable (–rmenv)
  * noexec support (–noexec)
  * clean local overlay storage directory (–overlay-clean)
  * store and reuse overlay (–overlay-named)
  * allow debugging inside the sandbox with gdb and strace (–allow-debuggers)
  * mkfile profile command
  * quiet profile command
  * x11 profile command
  * option to fix desktop files (firecfg –fix)

OBS-URL: https://build.opensuse.org/request/show/431498
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=3
2016-10-13 08:58:49 +00:00

77 lines
2.9 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de
- Update to version 0.9.42:
Security fixes:
* whitelist deleted files
* disable x32 ABI in seccomp
* tighten chroot
* terminal sandbox escape
* several TOCTOU fixes
Behavior changes:
* bringing back private-home option
* deprecated user option, please use “sudo -u username firejail”
* allow symlinks in home directory for whitelist option
* Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
* recursive mkdir
* include /dev/snd in private-dev
* seccomp filter update
* release archives moved to .xz format
New features:
* AppImage support (appimage)
* AppArmor support (apparmor)
* Ubuntu snap support (/etc/firejail/snap.profile)
* Sandbox auditing support (audit)
* remove environment variable (rmenv)
* noexec support (noexec)
* clean local overlay storage directory (overlay-clean)
* store and reuse overlay (overlay-named)
* allow debugging inside the sandbox with gdb and strace (allow-debuggers)
* mkfile profile command
* quiet profile command
* x11 profile command
* option to fix desktop files (firecfg fix)
Build options:
* Busybox support (enable-busybox-workaround)
* disable overlayfs (disable-overlayfs)
* disable whitlisting (disable-whitelist)
* disable global config (disable-globalcfg)
Runtime options:
* enable/disable overlayfs (overlayfs yes/no)
* enable/disable quiet as default (quiet-by-default yes/no)
* user-defined network filter (netfilter-default)
* enable/disable whitelisting (whitelist yes/no)
* enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
* enable/disable chroot desktop features (chroot-desktop yes/no)
New/updated profiels:
* Gitter, gThumb, mpv, Franz messenger, LibreOffice
* pix, audacity, xz, xzdec, gzip, cpio, less
* Atom Beta, Atom, jitsi, eom, uudeview
* tar (gtar), unzip, unrar, file, skypeforlinux,
* inox, Slack, gnome-chess. Gajim IM client, DOSBox
- Enable apparmor support
-------------------------------------------------------------------
Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de
- Update to version 0.9.40:
* Added firecfg utility
* New options: -nice, -cpu.print, -writable-etc, -writable-var,
-read-only
* X11 support: -x11 option (-x11=xpra, -x11=xephr)
* Filetransfer options: ls and get
* Added mkdir, ipc-namespace, and nosound profile commands
* added net, ip, defaultgw, ip6, mac, mtu and iprange profile
commands
* Run time config support, man firejail-config
* AppArmor fixes
* Default seccomp filter update
* Disable STUN/WebRTC in default netfilter configuration
* Lots of new profiles
-------------------------------------------------------------------
Tue May 17 17:13:03 CEST 2016 - tiwai@suse.de
- initial package: 0.9.38
Reference in New Issue View Git Blame Copy Permalink