firejail (0.9.63) baseline; urgency=low
  * work in progress
  * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file.
  * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed; if it is not, D-Bus access will be allowed. With this version, nodbus is deprecated in favor of dbus-user none and dbus-system none, and will be removed in a future version.
  * DHCP client support
  * firecfg only fixes desktop-files if started with sudo
  * SELinux labeling support
  * custom 32-bit seccomp filter support
  * restrict ${RUNUSER} in several profiles
  * blacklist shells such as bash in several profiles
  * whitelist globbing
  * mkdir and mkfile support for /run/user directory
  * support ignore for include
  * new condition: HAS_NOSOUND
  * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster
  * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
  * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11
  * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool
  * new profiles: desktopeditors, impressive, planmaker18, planmaker18free
  * new profiles: presentations18, presentations18free, textmaker18, teams
  * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX
  * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro
  * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command
  * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux
  * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row
  * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin
  * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars
  * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless
  * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers
  * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski
  * new profiles: swell-foop, fdns, five-or-more, steam-runtime, jitsi-meet-desktop
  * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im, strawberry
  * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper
  * new profiles: gapplication, openarena_ded, element-desktop, cawbird, freetube
  * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash
  * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx
  * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar
  * new profiles: vmware, git-cola, otter-browser
 -- netblue30 Tue, 21 Apr 2020 08:00:00 -0500

firejail (0.9.62) baseline; urgency=low
  * added file-copy-limit in /etc/firejail/firejail.config
  * profile templates (/usr/share/doc/firejail)
  * allow-debuggers support in profiles
  * several seccomp enhancements
  * compiler flags autodetection
  * move chroot entirely from path based to file descriptor based mounts
  * whitelisting /usr/share in a large number of profiles
  * new scripts in contrib: gdb-firejail.sh and sort.py
  * enhancement: whitelist /usr/share in some profiles
  * added signal mediation to apparmor profile
  * new conditions: HAS_X11, HAS_NET
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
  * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli
  * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123
  * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123
  * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss
  * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt
  * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird
  * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat
  * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless
  * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra
  * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity
  * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc
  * new profiles: electron-mail, gist, gist-paste
 -- netblue30 Sat, 28 Dec 2019 08:00:00 -0500

firejail (0.9.60) baseline; urgency=low
  * security bug reported by Austin Morton: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied.
  * memory-deny-write-execute now also blocks memfd_create
  * add private-cwd option to control working directory within jail
  * blocking system D-Bus socket with --nodbus
  * bringing back Centos 6 support
  * drop support for flatpak/snap packages
  * new profiles: crow, nyx, mypaint, celluloid, nano, transgui, mpdris2
  * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer
  * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring
  * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool
  * new profiles: netactview, redshift, devhelp, assogiate, subdownloader
  * new profiles: font-manager, exfalso, gconf-editor, dconf-editor
  * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings
  * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag
  * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles
  * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus
  * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt
  * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem
  * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt
  * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker
  * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell
  * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap
  * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata
 -- netblue30 Sun, 26 May 2019 08:00:00 -0500

firejail (0.9.58,2) baseline; urgency=low
  * cgroup flag in /etc/firejail/firejail.config file
  * name-change flag in /etc/firejail.config file
  * --name rework
  * new profiles: klavaro, vscodium
  * browser profiles fixes
  * various other bugfixes
 -- netblue30 Fri, 8 Feb 2019 08:00:00 -0500

firejail (0.9.58) baseline; urgency=low
  * --disable-mnt rework
  * --net.print command
  * GitLab CI/CD integration: distro specific builds
  * profile parser enhancements and conditional handling support for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F
  * profile name support
  * added explicit nonewprivs support to join option
  * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms
  * new profiles: devilspie, devilspie2, easystroke, github-desktop, min
  * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat
  * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep
  * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat
  * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore
  * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh
  * new profiles: nitroshare-send, nitroshare-ui, mencoder, gnome-pie
  * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley
  * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland
  * new profiles: supertuxkart, ghostwriter, gajim-history-manager
  * bugfixes
 -- netblue30 Sat, 26 Jan 2019 08:00:00 -0500

firejail (0.9.56) baseline; urgency=low
  * modif: removed CFG_CHROOT_DESKTOP configuration option
  * modif: removed compile time --enable-network=restricted
  * modif: removed compile time --disable-bind
  * modif: --net=none allowed even if networking was disabled at compile time or at run time
  * modif: allow system users to run the sandbox
  * support wireless devices in --net option
  * support tap devices in --net option (tunneling support)
  * allow IP address configuration if the parent interface specified by --net is not configured (--netmask)
  * support for firetunnel utility
  * disable U2F devices (--nou2f)
  * add --private-cache to support private ~/.cache
  * support full paths in private-lib
  * globbing support in private-lib
  * support for local user directories in firecfg (--bindir)
  * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint
  * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio
  * new profiles: standardnotes-desktop, shellcheck, patch, flameshot
  * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd
  * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois
  * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3
  * new profiles: start-tor-browser.desktop
 -- netblue30 Tue, 18 Sep 2018 08:00:00 -0500

firejail (0.9.54) baseline; urgency=low
  * modif: --force removed
  * modif: --csh, --zsh removed
  * modif: --debug-check-filename removed
  * modif: --git-install and --git-uninstall removed
  * modif: support for private-bin, private-lib and shell none has been disabled while running AppImage archives in order to be able to use our regular profile files with AppImages.
  * modif: restrictions for /proc, /sys and /run/user directories are moved from AppArmor profile into firejail executable
  * modif: unifying Chromium and Firefox browsers profiles. All users of Firefox-based browsers who use addons and plugins that read/write from ${HOME} will need to uncomment the includes for firefox-common-addons.inc in firefox-common.profile.
  * modif: split disable-devel.inc into disable-devel and disable-interpreters.inc
  * Firejail user access database (/etc/firejail/firejail.users, man firejail-users)
  * add --noautopulse to disable automatic ~/.config/pulse (for complex setups)
  * Spectre mitigation patch for gcc and clang compiler
  * D-Bus handling (--nodbus)
  * AppArmor support for overlayfs and chroot sandboxes
  * AppArmor support for AppImages
  * Enable AppArmor by default for a large number of programs
  * firejail --apparmor.print option
  * firemon --apparmor option
  * apparmor yes/no flag in /etc/firejail/firejail.config
  * seccomp syscall list update for glibc 2.26-10
  * seccomp disassembler for --seccomp.print option
  * seccomp machine code optimizer for default seccomp filters
  * IPv6 DNS support
  * whitelist support for overlay and chroot sandboxes
  * private-dev support for overlay and chroot sandboxes
  * private-tmp support for overlay and chroot sandboxes
  * added sandbox name support in firemon
  * firemon/prctl enhancements
  * noblacklist support for /sys/module directory
  * whitelist support for /sys/module directory
  * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed
  * new profiles: discord-canary, pycharm-community, pycharm-professional
  * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine
  * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes
  * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer
  * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud
  * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2
  * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack
  * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion
  * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind
  * new profiles: qmmp, sayonara
 -- netblue30 Wed, 16 May 2018 08:00:00 -0500

firejail (0.9.52) baseline; urgency=low
  * modif: --allow-private-blacklists was deprecated; blacklisting, read-only, read-write, tmpfs and noexec are allowed in private home directories
  * modif: remount-proc-sys deprecated from firejail.config
  * modif: follow-symlink-private-bin deprecated from firejail.config
  * modif: --profile-path was deprecated
  * enhancement: support Firejail user config directory in firecfg
  * enhancement: disable DBus activation in firecfg
  * enhancement: enumerate root directories in apparmor profile
  * enhancement: /etc and /usr/share whitelisting support
  * enhancement: globbing support for --private-bin
  * feature: systemd-resolved integration
  * feature: whitelisting /var directory in most profiles
  * feature: GTK2, GTK3 and Qt4 private-lib support
  * feature: --debug-private-lib
  * feature: test deployment of private-lib for the following applications: evince, galculator, gnome-calculator, leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, atril, mate-color-select, tar, file, strings, gpicview, eom, eog, gedit, pluma
  * feature: --writable-run-user
  * feature: --rlimit-as
  * feature: --rlimit-cpu
  * feature: --timeout
  * feature: profile build tool (--build)
  * feature: --netfilter.print
  * feature: --netfilter6.print
  * feature: netfilter template support
  * new profiles: upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles, https://github.com/nyancat18/fe, https://aur.archlinux.org/packages/firejail-profiles.
  * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth, imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4
 -- netblue30 Thu, 7 Dec 2017 08:00:00 -0500

firejail (0.9.50) baseline; urgency=low
  * modif: --output split in two commands, --output and --output-stderr
  * feature: per-profile disable-mnt (--disable-mnt)
  * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
  * feature: private /lib directory (--private-lib)
  * feature: disable CDROM/DVD drive (--nodvd)
  * feature: disable DVB devices (--notv)
  * feature: --profile.print
  * enhancement: print all seccomp filters under --debug
  * enhancement: /proc/sys mounting
  * enhancement: rework IP address assignment for --net options
  * enhancement: support for newer Xpra versions (2.1+) - set xpra-attach yes in /etc/firejail/firejail.config
  * enhancement: all profiles use a standard layout style
  * enhancement: create /usr/local for firecfg if the directory doesn't exist
  * enhancement: allow full paths in --private-bin
  * seccomp feature: --memory-deny-write-execute
  * seccomp feature: seccomp post-exec
  * seccomp feature: block secondary architecture (--seccomp.block_secondary)
  * seccomp feature: seccomp syscall groups
  * seccomp enhancement: print all seccomp filters under --debug
  * seccomp enhancement: default seccomp list update
  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite
  * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA
  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer
  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg
  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
  * new profiles: sqlitebrowser, Yandex Browser, minetest
  * bugfixes
 -- netblue30 Sat, 30 Sep 2017 08:00:00 -0500

firejail (0.9.50~rc1) baseline; urgency=low
  * release pending!
  * modif: --output split in two commands, --output and --output-stderr
  * feature: per-profile disable-mnt (--disable-mnt)
  * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen)
  * feature: private /lib directory (--private-lib)
  * feature: disable CDROM/DVD drive (--nodvd)
  * feature: disable DVB devices (--notv)
  * feature: --profile.print
  * enhancement: print all seccomp filters under --debug
  * enhancement: /proc/sys mounting
  * enhancement: rework IP address assignment for --net options
  * enhancement: support for newer Xpra versions (2.1+) - set xpra-attach yes in /etc/firejail/firejail.config
  * enhancement: all profiles use a standard layout style
  * enhancement: create /usr/local for firecfg if the directory doesn't exist
  * enhancement: allow full paths in --private-bin
  * seccomp feature: --memory-deny-write-execute
  * seccomp feature: seccomp post-exec
  * seccomp feature: block secondary architecture (--seccomp.block_secondary)
  * seccomp feature: seccomp syscall groups
  * seccomp enhancement: print all seccomp filters under --debug
  * seccomp enhancement: default seccomp list update
  * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite
  * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA
  * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer
  * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux
  * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg
  * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter
  * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball
  * new profiles: sqlitebrowser, Yandex Browser, minetest
  * bugfixes
 -- netblue30 Mon, 12 Jun 2017 20:00:00 -0500

firejail (0.9.48) baseline; urgency=low
  * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files
  * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile
  * feature: --novideo
  * feature: drop discretionary access control capabilities for root sandboxes
  * feature: added /etc/firejail/globals.local for global customizations
  * feature: profile support in overlayfs mode
  * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake
  * bugfixes
 -- netblue30 Mon, 12 Jun 2017 08:00:00 -0500

firejail (0.9.46) baseline; urgency=low
  * security: split most of networking code in a separate executable
  * security: split seccomp filter code configuration in a separate executable
  * security: split file copying in private option in a separate executable
  * feature: disable gnupg and systemd directories under /run/user
  * feature: test coverage (gcov) support
  * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm)
  * feature: private /opt directory (--private-opt, profile support)
  * feature: private /srv directory (--private-srv, profile support)
  * feature: spoof machine-id (--machine-id, profile support)
  * feature: allow blacklists under --private (--allow-private-blacklist, profile support)
  * feature: user-defined /etc/hosts file (--hosts-file, profile support)
  * feature: support for the real /var/log directory (--writable-var-log, profile support)
  * feature: config support for firejail prompt in terminals
  * feature: AppImage type 2 support
  * feature: pass command line arguments to appimages
  * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come
  * feature: added a number of Python scripts for handling sandboxes
  * feature: allow local customization using .local files under /etc/firejail
  * feature: follow-symlink-as-user runtime config option in /etc/firejail/firejail.config
  * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config
  * feature: xvfb X11 server support (--x11=xvfb)
  * feature: allow /tmp directory in mkdir and mkfile profile commands
  * feature: implemented --noblacklist command, profile support
  * feature: config support to disable access to /mnt and /media (disable-mnt)
  * feature: config support to disable join (join)
  * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf
  * feature: support overlay, overlay-named and overlay-tmpfs in profile files
  * feature: allow PulseAudio sockets in --private-tmp
  * feature: --fix-sound support in firecfg
  * feature: added support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started with firejail --x11
  * feature: enable automatic X server sandboxing for --x11=xpra and --x11=xephyr
  * feature: support for Xpra extra params in firejail config file
  * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire
  * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma
  * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator
  * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos
  * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail
  * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa
  * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView
  * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking
  * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent
  * new profiles: Orage Globaltime, Orage Calendar, xfce4-notes, xfce4-dict
  * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin
  * new profiles: mate-calc, mate-dictionary, mate-color-select, caja
  * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes
  * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr
  * new profiles: Blender, 2048-qt
  * bugfixes
 -- netblue30 Sun, 14 May 2017 08:00:00 -0500

firejail (0.9.44.10) baseline; urgency=low
  * security: when using --x11=xorg and --net, incorrect processing of the return code of /usr/bin/xauth could end up in starting the sandbox without X11 security extension installed. Problem found/fixed by Zack Weinberg
  * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects most browsers, and disables the custom certificates installed by the user
  * bugfix: firecfg config fix
  * bugfix: gajim security profile fix
  * bugfix: man page fix
  * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config
  * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config
  * bugfix: memory corruption in noblacklist processing
  * bugfix: --quiet fix for Arch and Fedora systems
  * bugfix: updated Keepass(x) profiles
  * bugfix: firemon --nowrap problem
  * bugfix: document firemon --nowrap in man page and in --help option
  * bugfix: bash completion for --noblacklist command
  * bugfix: vlc profile fix
  * bugfix: fixed handling of .local profile files when the software is installed in ~/.local directory
  * bugfix: temporarily remove private-tmp from all profiles, until a fix for .Xauthority file handling in KDE becomes available
  * maintenance: --output cleanup
  * maintenance: updated copyright statement in all files
 -- netblue30 Sat, 18 Mar 2017 10:00:00 -0500

firejail (0.9.44.8) baseline; urgency=low
  * bugfix: fix broken PulseAudio support
 -- netblue30 Wed, 18 Jan 2017 10:00:00 -0500

firejail (0.9.44.6) baseline; urgency=low
  * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week, new CVE code assigned after release: CVE-2017-5940
  * security: major cleanup of file copying code
  * security: tightening the rules for --chroot and --overlay features
  * bugfix: ported Gentoo compile patch
  * bugfix: Nvidia drivers bug in --private-dev
  * bugfix: fix ASSERT_PERMS_FD macro
  * feature: allow local customization using .local files under /etc/firejail backported from our development branch
  * feature: spoof machine-id backported from our development branch
 -- netblue30 Sun, 15 Jan 2017 10:00:00 -0500

firejail (0.9.44.4) baseline; urgency=low
  * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207)
  * security: disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206)
  * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
 -- netblue30 Sat, 7 Jan 2017 10:00:00 -0500

firejail (0.9.44.2) baseline; urgency=low
  * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
  * security: TOCTOU exploit for --get and --put found by Daniel Hodson
  * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122)
  * security: several security enhancements
  * bugfix: crashing VLC by pressing Ctrl-O
  * bugfix: use user configured icons in KDE
  * bugfix: mkdir and mkfile are not applied to private directories
  * bugfix: cannot open files on Deluge running under KDE
  * bugfix: --private=dir where dir is the user home directory
  * bugfix: cannot start Vivaldi browser
  * bugfix: cannot start mupdf
  * bugfix: ssh profile problems
  * bugfix: --quiet
  * bugfix: quiet in git profile
  * bugfix: memory corruption
 -- netblue30 Fri, 2 Dec 2016 08:00:00 -0500

firejail (0.9.44) baseline; urgency=low
  * CVE-2016-9016 submitted by Aleksey Manevich
  * modifs: removed man firejail-config
  * modifs: --private-tmp whitelists /tmp/.X11-unix directory
  * modifs: Nvidia drivers added to --private-dev
  * modifs: /srv supported by --whitelist
  * feature: allow user access to /sys/fs (--noblacklist=/sys/fs)
  * feature: support starting/joining sandbox in a single command (--join-or-start)
  * feature: X11 detection support for --audit
  * feature: assign a name to the interface connected to the bridge (--veth-name)
  * feature: all user home directories are visible (--allusers)
  * feature: add files to sandbox container (--put)
  * feature: blocking x11 (--x11=block)
  * feature: X11 security extension (--x11=xorg)
  * feature: disable 3D hardware acceleration (--no3d)
  * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands
  * feature: move files in sandbox (--put)
  * feature: accept wildcard patterns in user name field of restricted shell login feature
  * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape
  * new profiles: feh, ranger, zathura, 7z, keepass, keepassx
  * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot
  * new profiles: Flowblade, Eye of GNOME (eog), Evolution
  * bugfixes
 -- netblue30 Fri, 21 Oct 2016 08:00:00 -0500

firejail (0.9.42) baseline; urgency=low
  * security: --whitelist deleted files, submitted by Vasya Novikov
  * security: disable x32 ABI in seccomp, submitted by Jann Horn
  * security: tighten --chroot, submitted by Jann Horn
  * security: terminal sandbox escape, submitted by Stephan Sokolow
  * security: several TOCTOU fixes submitted by Aleksey Manevich
  * modifs: bringing back --private-home option
  * modifs: deprecated --user option, please use "sudo -u username firejail"
  * modifs: allow symlinks in home directory for --whitelist option
  * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes"
  * modifs: recursive mkdir
  * modifs: include /dev/snd in --private-dev
  * modifs: seccomp filter update
  * modifs: release archives moved to .xz format
  * feature: AppImage support (--appimage)
  * feature: AppArmor support (--apparmor)
  * feature: Ubuntu snap support (/etc/firejail/snap.profile)
  * feature: Sandbox auditing support (--audit)
  * feature: remove environment variable (--rmenv)
  * feature: noexec support (--noexec)
  * feature: clean local overlay storage directory (--overlay-clean)
  * feature: store and reuse overlay (--overlay-named)
  * feature: allow debugging inside the sandbox with gdb and strace (--allow-debuggers)
  * feature: mkfile profile command
  * feature: quiet profile command
  * feature: x11 profile command
  * feature: option to fix desktop files (firecfg --fix)
  * compile time: Busybox support (--enable-busybox-workaround)
  * compile time: disable overlayfs (--disable-overlayfs)
  * compile time: disable whitelisting (--disable-whitelist)
  * compile time: disable global config (--disable-globalcfg)
  * run time: enable/disable overlayfs (overlayfs yes/no)
  * run time: enable/disable quiet as default (quiet-by-default yes/no)
  * run time: user-defined network filter (netfilter-default)
  * run time: enable/disable whitelisting (whitelist yes/no)
  * run time: enable/disable remounting of /proc and /sys (remount-proc-sys yes/no)
  * run time: enable/disable chroot desktop features (chroot-desktop yes/no)
  * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
  * profiles: pix, audacity, xz, xzdec, gzip, cpio, less
  * profiles: Atom Beta, Atom, jitsi, eom, uudeview
  * profiles: tar (gtar), unzip, unrar, file, skypeforlinux
  * profiles: inox, Slack, gnome-chess, Gajim IM client, DOSBox
  * bugfixes
 -- netblue30 Thu, 8 Sept 2016 08:00:00 -0500

firejail (0.9.40) baseline; urgency=low
  * added --nice option
  * added --x11 option
  * added --x11=xpra option
  * added --x11=xephyr option
  * added --cpu.print option
  * added filetransfer options --ls and --get
  * added --writable-etc and --writable-var options
  * added --read-only option
  * added mkdir, ipc-namespace, and nosound profile commands
  * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands
  * --version also prints compile options
  * --output option also redirects stderr
  * added compile-time option to restrict --net= to root only
  * run time config support, man firejail-config
  * added firecfg utility
  * AppArmor fixes
  * default seccomp filter update
  * disable STUN/WebRTC in default netfilter configuration
  * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
  * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
  * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
  * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100
  * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player
  * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox
  * new profiles: generic Ubuntu snap application profile, xplayer
  * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation
  * new profiles: Brave, Gitter
  * generic.profile renamed default.profile
  * build rpm packages using "make rpms"
  * bugfixes
 -- netblue30 Sun, 29 May 2016 08:00:00 -0500

firejail (0.9.38.10) baseline; urgency=low
  * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week, new CVE code assigned after release: CVE-2017-5940
  * security: tightening the rules for --chroot
  * bugfix: ported Gentoo compile patch
  * bugfix: fix ASSERT_PERMS_FD macro
 -- netblue30 Sun, 15 Jan 2017 10:00:00 -0500

firejail (0.9.38.8) baseline; urgency=low
  * security: root exploit found by Sebastian Krahmer (CVE-2017-5180)
 -- netblue30 Sat, 7 Jan 2017 10:00:00 -0500

firejail (0.9.38.6) baseline; urgency=low
  * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
  * bugfix: crashing VLC by pressing Ctrl-O
 -- netblue30 Fri, 16 Dec 2016 10:00:00 -0500

firejail (0.9.38.4) baseline; urgency=low
  * CVE-2016-7545 submitted by Aleksey Manevich
  * bugfixes
 -- netblue30 Mon, 10 Oct 2016 10:00:00 -0500

firejail (0.9.38.2) baseline; urgency=low
  * security: --whitelist deleted files, submitted by Vasya Novikov
  * security: disable x32 ABI, submitted by Jann Horn
  * security: tighten --chroot, submitted by Jann Horn
  * security: terminal sandbox escape, submitted by Stephan Sokolow
  * feature: clean local overlay storage directory (--overlay-clean)
  * bugfixes
 -- netblue30 Tue, 23 Aug 2016 10:00:00 -0500

firejail (0.9.38) baseline; urgency=low
  * IPv6 support (--ip6 and --netfilter6)
  * --join command enhancement (--join-network, --join-filesystem)
  * added --user command
  * added --disable-network and --disable-userns compile time flags
  * Centos 6 support
  * symlink invocation
  * added KMail, Seamonkey, Telegram, Mathematica, uGet, and mupen64plus profiles
  * --chroot in user mode allowed only if seccomp support is available in current Linux kernel (CVE-2016-10123)
  * deprecated --private-home feature
  * the first protocol list installed takes precedence
  * --tmpfs option allowed only running as root (CVE-2016-10117)
  * added --private-tmp option
  * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121)
  * bugfixes
 -- netblue30 Tue, 2 Feb 2016 10:00:00 -0500

firejail (0.9.36) baseline; urgency=low
  * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, parole and rtorrent profiles
  * Google Chrome profile rework
  * added google-chrome-stable profile
  * added google-chrome-beta profile
  * added google-chrome-unstable profile
  * Opera profile rework
  * added opera-beta profile
  * added --noblacklist option
  * added --profile-path option
  * added --force option
  * whitelist command enhancements
  * prevent user name enumeration
  * added /etc/firejail/nolocal.net network filter
  * added /etc/firejail/webserver.net network filter
  * blacklisting firejail configuration by default
  * allow default gateway configuration for --interface option
  * --debug enhancements: --debug-check-filenames, --debug-blacklists, --debug-whitelists
  * filesystem log
  * libtrace enhancements, tracing opendir call
  * added --tracelog option
  * added "name" command to profile files
  * added "hostname" command to profile files
  * added automated feature testing framework
  * Debian reproducible build
  * bugfixes
 -- netblue30 Sun, 27 Dec 2015 09:00:00 -0500

firejail (0.9.34) baseline; urgency=low
  * added --ignore option
  * added --protocol option
  * support dual i386/amd64 seccomp filters
  * added Google Chrome profile
  * added Steam, Skype, Wine and Conkeror profiles
  * bugfixes
 -- netblue30 Sat, 7 Nov 2015 08:00:00 -0500

firejail (0.9.32) baseline; urgency=low
  * added --interface option
  * added --mtu option
  * added --private-bin option
  * added --nosound option
  * added --hostname option
  * added --quiet option
  * added seccomp errno support
  * added FBReader default profile
  * added Spotify default profile
  * lots of default security profile changes
  * fixed a security problem on multi-user systems
  * bugfixes
 -- netblue30 Wed, 21 Oct 2015 08:00:00 -0500

firejail (0.9.30) baseline; urgency=low
  * added a disable-history.inc profile as a result of Firefox PDF.js exploit; disable-history.inc included in all default profiles
  * Firefox PDF.js exploit (CVE-2015-4495) fixes
  * added --private-etc option
  * added --env option
  * added --whitelist option
  * support ${HOME} token in include directive in profile files
  * --private.keep is transitioned to --private-home
  * support ~ and blanks in blacklist option
  * support "net none" command in profile files
  * using /etc/firejail/generic.profile by default for user sessions
  * using /etc/firejail/server.profile by default for root sessions
  * added build --enable-fatal-warnings configure option
  * added persistence to --overlay option
  * added --overlay-tmpfs option
  * make install-strip implemented, make install renamed
  * bugfixes
 -- netblue30 Mon, 14 Sept 2015 08:00:00 -0500

firejail (0.9.28) baseline; urgency=low
  * network scanning, --scan option
  * interface MAC address support, --mac option
  * IP address range, --iprange option
  * traffic shaping, --bandwidth option
  * reworked printing of network status at startup
  * man pages rework
  * added firejail-login man page
  * added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default profiles
  * added an /etc/firejail/disable-common.inc file to hold common directory blacklists
  * blacklist Opera and Chrome/Chromium config directories in profile files
  * support noroot option for profile files
  * enabled noroot in default profile files
  * bugfixes
 -- netblue30 Sat, 1 Aug 2015 08:00:00 -0500

firejail (0.9.26) baseline; urgency=low
  * private dev directory
  * private.keep option for whitelisting home files in a new private directory
  * user namespaces support, noroot option
  * added Deluge and qBittorrent profiles
  * bugfixes
 -- netblue30 Thu, 30 Apr 2015 08:00:00 -0500

firejail (0.9.24) baseline; urgency=low
  * whitelist and blacklist seccomp filters
  * doubledash option
  * --shell=none support
  * netfilter file support in profile files
  * dns server support in profile files
  * added --dns.print option
  * added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem.
* added --caps.drop=all in default profiles * new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp * clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init * Bugfix: using /proc/sys/kernel/pid_max for the max number of pids * two build patches from Reiner Herman (tickets 11, 12) * man page patch from Reiner Herman (ticket 13) * output patch (ticket 15) from sshirokov -- netblue30 Sun, 5 Apr 2015 08:00:00 -0500 firejail (0.9.22) baseline; urgency=low * Replaced --noip option with --ip=none * Container stdout logging and log rotation * Added process_vm_readv, process_vm_writev and mknod to * default seccomp blacklist * Added CAP_MKNOD to default caps blacklist * Blacklist and whitelist custom Linux capabilities filters * macvlan device driver support for --net option * DNS server support, --dns option * Netfilter support * Monitor network statistics, --netstats option * Added profile for Mozilla Thunderbird/Icedove * - --overlay support for Linux kernels 3.18+ * Bugfix: preserve .Xauthority file in private mode (test with ssh -X) * Bugfix: check uid/gid for cgroup -- netblue30 Mon, 9 Mar 2015 09:00:00 -0500 firejail (0.9.20) baseline; urgency=low * utmp, btmp and wtmp enhancements * create empty /var/log/wtmp and /var/log/btmp files in sandbox * generate a new /var/run/utmp file in sandbox * CPU affinity, --cpu option * Linux control groups support, --cgroup option * Opera web browser support * VLC support * Added "empty" attribute to seccomp command to remove the default * syscall list form seccomp blacklist * Added --nogroups option to disable supplementary groups for regular * users. root user always runs without supplementary groups. 
* firemon enhancements * display the command that started the sandbox * added --caps option to display capabilities for all sandboxes * added --cgroup option to display the control groups for all sandboxes * added --cpu option to display CPU affinity for all sandboxes * added --seccomp option to display seccomp setting for all sandboxes * New compile time options: --disable-chroot, --disable-bind * bugfixes -- netblue30 Mon, 02 Feb 2015 08:00:00 -0500 firejail (0.9.18) baseline; urgency=low * Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls * Support for tracing setreuid, setregid, setresuid, setresguid syscalls * Added profiles for transmission-gtk and transmission-qt * bugfixes -- netblue30 Fri, 25 Dec 2014 10:00:00 -0500 firejail (0.9.16) baseline; urgency=low * Configurable private home directory * Configurable default user shell * Software configuration support for --docdir and DESTDIR * Profile file support for include, caps, seccomp and private keywords * Dropbox profile file * Linux capabilities and seccomp filters enabled by default for Firefox, Midori, Evince and Dropbox * bugfixes -- netblue30 Tue, 4 Nov 2014 10:00:00 -0500 firejail (0.9.14) baseline; urgency=low * Linux capabilities and seccomp filters are automatically enabled in chroot mode (--chroot option) if the sandbox is started as regular user * Added support for user defined seccomp blacklists * Added syscall trace support * Added --tmpfs option * Added --balcklist option * Added --read-only option * Added --bind option * Logging enhancements * --overlay option was reactivated * Added firemon support to print the ARP table for each sandbox * Added firemon support to print the route table for each sandbox * Added firemon support to print interface information for each sandbox * bugfixes -- netblue30 Tue, 15 Oct 2014 10:00:00 -0500 firejail (0.9.12.2) baseline; urgency=low * Fix for pulseaudio problems * --overlay option was temporarily disabled in this build -- netblue30 
Mon, 29 Sept 2014 07:00:00 -0500 firejail (0.9.12.1) baseline; urgency=low * Fix for pulseaudio problems * --overlay option was temporarily disabled in this build -- netblue30 Mon, 22 Sept 2014 09:00:00 -0500 firejail (0.9.12) baseline; urgency=low * Added capabilities support * Added support for CentOS 7 * bugfixes -- netblue30 Mon, 15 Sept 2014 10:00:00 -0500 firejail (0.9.10) baseline; urgency=low * Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot * Fixed --top option CPU utilization calculation * Implemented --tree option in firejail and firemon * Implemented --join=name option * Implemented --shutdown option * Preserve the current working directory if possible * Cppcheck and clang errors cleanup * Added a Chromium web browser profile -- netblue30 Thu, 28 Aug 2014 07:00:00 -0500 firejail (0.9.8.1) baseline; urgency=low * FIxed a number of bugs introduced in 0.9.8 -- netblue30 Fri, 25 Jul 2014 07:25:00 -0500 firejail (0.9.8) baseline; urgency=low * Implemented nowrap mode for firejail --list command option * Added --top option in both firejail and firemon * seccomp filter support * Added pid support for firemon * bugfixes -- netblue30 Tue, 24 Jul 2014 08:51:00 -0500 firejail (0.9.6) baseline; urgency=low * Mounting tmpfs on top of /var/log, required by several server programs * Server fixes for /var/lib and /var/cache * Private mode fixes * csh and zsh default shell support * Chroot mode fixes * Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd, -- netblue30 Sat, 7 Jun 2014 09:00:00 -0500 firejail (0.9.4) baseline; urgency=low * Fixed resolv.conf on Ubuntu systems using DHCP * Fixed resolv.conf on Debian systems using resolvconf package * Fixed /var/lock directory * Fixed /var/tmp directory * Fixed symbolic links in profile files * Added profiles for evince, midori -- netblue30 Sun, 4 May 2014 08:00:00 -0500 firejail (0.9.2) baseline; urgency=low * Checking IP address passed with --ip option using ARP; exit if the address is already present 
* Using a lock file during ARP address assignment in order to removed a race condition. * Several fixes to --private option; it also mounts a tmpfs filesystem on top of /tmp * Added user access check for profile file * Added --defaultgw option * Added support of --noip option; it is necessary for DHCP setups * Added syslog support * Added support for "tmpfs" and "read-only" profile commands * Added an expect-based testing framework for the project * Added bash completion support * Added support for multiple networks -- netblue30 Fri, 25 Apr 2014 08:00:00 -0500 firejail (0.9) baseline; urgency=low * First beta version -- netblue30 Sat, 12 Apr 2014 09:00:00 -0500