forked from pool/firejail

Accepting request 431498 from home:tiwai:branches:Virtualization

- Update to version 0.9.42:
  Security fixes:
  * --whitelist deleted files
  * disable x32 ABI in seccomp
  * tighten --chroot
  * terminal sandbox escape
  * several TOCTOU fixes
  Behavior changes:
  * bringing back --private-home option
  * deprecated --user option, please use "sudo -u username firejail"
  * allow symlinks in home directory for --whitelist option
  * Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
  * recursive mkdir
  * include /dev/snd in --private-dev
  * seccomp filter update
  * release archives moved to .xz format
  New features:
  * AppImage support (--appimage)
  * AppArmor support (--apparmor)
  * Ubuntu snap support (/etc/firejail/snap.profile)
  * Sandbox auditing support (--audit)
  * remove environment variable (--rmenv)
  * noexec support (--noexec)
  * clean local overlay storage directory (--overlay-clean)
  * store and reuse overlay (--overlay-named)
  * allow debugging inside the sandbox with gdb and strace (--allow-debuggers)
  * mkfile profile command
  * quiet profile command
  * x11 profile command
  * option to fix desktop files (firecfg --fix)

OBS-URL: https://build.opensuse.org/request/show/431498
OBS-URL: https://build.opensuse.org/package/show/Virtualization/firejail?expand=0&rev=3
This commit is contained in:
Olaf Hering 2016-10-13 08:58:49 +00:00 committed by Git OBS Bridge
parent c0b4cdac0f
commit 555d6e90b4
4 changed files with 62 additions and 6 deletions


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:49ed9c76fb77bf71543f0e6cacf9491f8280ae5602ecf805b57a011b528222b6
size 197184

firejail-0.9.42.tar.xz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4f3bceee973b84fdf13a5d5ab0060d140ecc8e42c19c945e7fb93f0fd8499b47
size 204608


@ -1,3 +1,56 @@
-------------------------------------------------------------------
Fri Sep 30 10:56:58 CEST 2016 - tiwai@suse.de
- Update to version 0.9.42:
Security fixes:
* whitelist deleted files
* disable x32 ABI in seccomp
* tighten chroot
* terminal sandbox escape
* several TOCTOU fixes
Behavior changes:
* bringing back private-home option
* deprecated user option, please use “sudo -u username firejail”
* allow symlinks in home directory for whitelist option
* Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes”
* recursive mkdir
* include /dev/snd in private-dev
* seccomp filter update
* release archives moved to .xz format
New features:
* AppImage support (appimage)
* AppArmor support (apparmor)
* Ubuntu snap support (/etc/firejail/snap.profile)
* Sandbox auditing support (audit)
* remove environment variable (rmenv)
* noexec support (noexec)
* clean local overlay storage directory (overlay-clean)
* store and reuse overlay (overlay-named)
* allow debugging inside the sandbox with gdb and strace (allow-debuggers)
* mkfile profile command
* quiet profile command
* x11 profile command
* option to fix desktop files (firecfg fix)
Build options:
* Busybox support (enable-busybox-workaround)
* disable overlayfs (disable-overlayfs)
* disable whitlisting (disable-whitelist)
* disable global config (disable-globalcfg)
Runtime options:
* enable/disable overlayfs (overlayfs yes/no)
* enable/disable quiet as default (quiet-by-default yes/no)
* user-defined network filter (netfilter-default)
* enable/disable whitelisting (whitelist yes/no)
* enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
* enable/disable chroot desktop features (chroot-desktop yes/no)
New/updated profiels:
* Gitter, gThumb, mpv, Franz messenger, LibreOffice
* pix, audacity, xz, xzdec, gzip, cpio, less
* Atom Beta, Atom, jitsi, eom, uudeview
* tar (gtar), unzip, unrar, file, skypeforlinux,
* inox, Slack, gnome-chess. Gajim IM client, DOSBox
- Enable apparmor support
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de Wed Jun 8 15:20:43 CEST 2016 - tiwai@suse.de
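
Review bot: the option names in this entry have lost their leading dashes ("whitelist deleted files", "tighten chroot", "firecfg fix"), so several lines no longer read as flags; restore them as "--whitelist", "--chroot", "firecfg --fix" and so on. The entry also has typos ("disable whitlisting", "New/updated profiels:", and the stray period in "gnome-chess. Gajim IM client"), and the five items under "Security fixes:" carry no bug or CVE reference, which makes this hard to track as a security update; add the references if they exist.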


@ -17,14 +17,15 @@
Name: firejail Name: firejail
Version: 0.9.40 Version: 0.9.42
Release: 0 Release: 0
Summary: Linux namepaces sandbox program Summary: Linux namepaces sandbox program
License: GPL-2.0 License: GPL-2.0
Group: Productivity/Security Group: Productivity/Security
Url: https://firejail.wordpress.com/ Url: https://firejail.wordpress.com/
Source0: %{name}-%{version}.tar.bz2 Source0: %{name}-%{version}.tar.xz
Source1: %{name}.rpmlintrc Source1: %{name}.rpmlintrc
BuildRequires: libapparmor-devel
BuildRequires: gcc-c++ BuildRequires: gcc-c++
Requires(pre): permissions Requires(pre): permissions
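
Review bot: Source0 now points at the .tar.xz archive, but the source list is still only Source0 and Source1 (the rpmlintrc), so nothing in the spec ties the new tarball to an upstream signature; for a release whose changelog leads with security fixes, consider adding the upstream detached signature and keyring as extra sources if upstream publishes them. While this header is being touched, the Summary context line still reads "Linux namepaces sandbox program"; "namespaces" is meant.
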
@ -41,7 +42,8 @@ Linux namespace support. It supports sandboxing specific users upon login.
%setup -q %setup -q
%build %build
%configure --docdir=%{_docdir}/%{name} %configure --docdir=%{_docdir}/%{name} \
--enable-apparmor
make %{?_smp_mflags} VERBOSE=1 make %{?_smp_mflags} VERBOSE=1
%install %install
@ -68,5 +70,6 @@ make %{?_smp_mflags} DESTDIR=%{buildroot} install
%{_mandir}/man5/* %{_mandir}/man5/*
%dir %{_sysconfdir}/%{name} %dir %{_sysconfdir}/%{name}
%config %{_sysconfdir}/%{name}/* %config %{_sysconfdir}/%{name}/*
/etc/apparmor.d
%changelog %changelog
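
Review bot: the new %files entry "/etc/apparmor.d" is a bare directory path, so the package claims the whole directory and everything installed under it, without %dir or %config. Use %{_sysconfdir} as the neighbouring lines do, and list the installed profile file itself, marked %config like "%config %{_sysconfdir}/%{name}/*", so a locally adjusted profile is not silently replaced on update.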