
Update Firejail to 0.9.48
Closed, Resolved (Public)

Version 0.9.48

  • modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files
  • modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile
  • feature: --novideo
  • feature: drop discretionary access control capabilities for root sandboxes
  • feature: added /etc/firejail/globals.local for global customizations
  • feature: profile support in overlayfs mode
  • new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake
  • bugfixes

Version 0.9.46

  • security: split most of the networking code into a separate executable
  • security: split seccomp filter code configuration into a separate executable
  • security: split file copying in private option into a separate executable
  • feature: disable gnupg and systemd directories under /run/user
  • feature: test coverage (gcov) support
  • feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
  • feature: private /opt directory (--private-opt, profile support)
  • feature: private /srv directory (--private-srv, profile support)
  • feature: spoof machine-id (--machine-id, profile support)
  • feature: allow blacklists under --private (--allow-private-blacklist, profile support)
  • feature: user-defined /etc/hosts file (--hosts-file, profile support)
  • feature: support for the real /var/log directory (--writable-var-log, profile support)
  • feature: config support for firejail prompt in terminals
  • feature: AppImage type 2 support
  • feature: pass command line arguments to appimages
  • feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
  • feature: added a number of Python scripts for handling sandboxes
  • feature: allow local customization using .local files under /etc/firejail
  • feature: follow-symlink-as-user runtime config option in /etc/firejail/firejail.config
  • feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
  • feature: xvfb X11 server support (--x11=xvfb)
  • feature: allow /tmp directory in mkdir and mkfile profile commands
  • feature: implemented --noblacklist command, profile support
  • feature: config support to disable access to /mnt and /media (disable-mnt)
  • feature: config support to disable join (join)
  • feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
  • feature: support overlay, overlay-named and overlay-tmpfs in profile files
  • feature: allow PulseAudio sockets in --private-tmp
  • feature: --fix-sound support in firecfg
  • feature: added support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started with firejail --x11
  • feature: enable automatic X server sandboxing for --x11=xpra and --x11=xephyr
  • feature: support for Xpra extra params in firejail config file
  • new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire,
  • new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma,
  • new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator,
  • new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos,
  • new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail,
  • new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa,
  • new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView,
  • new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking,
  • new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent,
  • new profiles: Orage Globaltime, Orage Calendar, xfce4-notes, xfce4-dict,
  • new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin,
  • new profiles: mate-calc, mate-dictionary, mate-color-select, caja,
  • new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
  • new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
  • new profiles: Blender, 2048-qt
  • bugfixes

Related to T4071.

Event Timeline

DataDrake triaged this task as Normal priority. Aug 20 2017, 10:27 PM
DataDrake moved this task from Backlog to Improvement on the Software board.