From 01b741aa80eeb8a6034fd1038667a5906ade3263 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Wed, 25 Feb 2026 15:14:15 -0500 Subject: [PATCH] RELNOTES and some more testing --- README | 3 ++ RELNOTES | 17 ++++++++++- test/apps/apps.sh | 2 +- test/apps/firefox-neteth.exp | 57 ++++++++++++++++++++++++++++++++++++ 4 files changed, 77 insertions(+), 2 deletions(-) create mode 100755 test/apps/firefox-neteth.exp diff --git a/README b/README index fda792689..1b8181438 100644 --- a/README +++ b/README @@ -1020,6 +1020,9 @@ pianoslum (https://github.com/pianoslum) pierretom (https://github.com/pierretom) - bugfix: fix French translation for ${PICTURES} macro (#6942) - bugfix: add missing macros in profile.template (#6948) + - added --debug-syscall-groups command (88a75a6 etc.) + - compile time: include architecture-specific syscall headers (#7000) + - reorganize & update syscall groups (#7024 etc.) pirate486743186 (https://github.com/pirate486743186) - KMail profile - mpsyt profile diff --git a/RELNOTES b/RELNOTES index 49512f7c5..110350011 100644 --- a/RELNOTES +++ b/RELNOTES @@ -5,28 +5,43 @@ firejail (0.9.79) baseline; urgency=low for --profile=filename (#6896) * security: updated the list of terminal emulators that can be used for sandbox escape (cbf4308) + * feature: --debug-syscall-groups command (88a75a6 etc.) + * feature: hide/unhide PID 1 inside the sandbox, command and profile + option (#7046) + * feature: --keep-hostname command and profile option (#7048) + * feature: adding apparmor profiles for --nettrace command (c133313) + * feature: add support for the new XDG-compliant Firefox config + directory (#7040) * compile time: compile fix for --enable-only-syscfg-profiles ./config option (d1a58de) * compile time: removed ./configure --disable-man option (a655b7d) * compile time: removed ./configure --disable-usertmpfs option (b214d08) - * modif: include new generated syscall headers (#7000) + * compile time: include architecture-specific headers (#7000) * modif: reorganize & update syscall groups (#7024 etc.) * modif: make Xephyr default for --x11 option - currently Xpra is not available in Debian/Ubuntu and derivatives (cbb7a38) * bugfix: /home/user is mounted with noexec when --private is used (#6921) * bugfix: Void Linux/musl libc compile fixes (e602396, 0949685) + * bugfix: added link-local addresses to 'nolocal' firewall configs (#7054) + * bugfix: map sandbox hostname to ipv6 in /etc/hosts (#7077) * docs: man: non-ASCII hyphens - copy pasting commands fails on command line (#5903) + * docs: various other fixes and changes * ci: gitlab: install missing git-buildpackage dependency (#7017) * ci: gcov testing scripts update + * ci: update various automated tests + * ci: update and fixes for make test-compile * profiles: yt-dlp: support deno JavaScript engine to fix YouTube (#6999) * profiles: yt-dlp: support browser cookies for authenticated downloads (#7030) * profiles: add deno paths (#7032, 2ba2f2d) * profiles: vesktop: fix screen sharing (#7043, b59005c) + * profiles: disable by default several systemd tools (ca934a2) + * profiles: fix allowing netcat in playonlinux and ssh profiles (#7059) * new profiles: fragments (#7023, 97871d7, f712b9a) * new profiles: srb2 (#6996, 9882aa0) * new profiles: zen, zen-bin, zen-browser (#7029, 09e376d, fa6bfd7) + * cleanup various files (including RELNOTES) after release 0.9.78 -- netblue30 Sat, 3 Jan 2026 11:00:00 -0500 firejail (0.9.78) baseline; urgency=low diff --git a/test/apps/apps.sh b/test/apps/apps.sh index ca739034c..23c38d80c 100755 --- a/test/apps/apps.sh +++ b/test/apps/apps.sh @@ -36,7 +36,7 @@ echo "TESTING: pid 1 functionality (test/apps/pid1.exp)" # X11 apps x11apps=(firefox qbittorrent firefox-xephyr galculator libreoffice firefox-xorg \ - lowriter gimp inkscape emacs okular kdiff3 gpicview audacity \ + lowriter gimp inkscape firefox-neteth emacs okular kdiff3 gpicview audacity \ pauvcontrol mpv dosbox gnome-screenshot \ xterm x11-none xterm-xorg xterm-xephyr xterm-xpra firefox-xpra) diff --git a/test/apps/firefox-neteth.exp b/test/apps/firefox-neteth.exp new file mode 100755 index 000000000..632cd9c6f --- /dev/null +++ b/test/apps/firefox-neteth.exp @@ -0,0 +1,57 @@ +#!/usr/bin/expect -f +# This file is part of Firejail project +# Copyright (C) 2014-2026 Firejail Authors +# License GPL v2 + +set timeout 10 +spawn $env(SHELL) +match_max 100000 + +send -- "firejail --private --ignore=dns --net=enp5s0 firefox --no-remote www.debian.org\r" +expect { + timeout {puts "TESTING ERROR 0\n";exit} + "Reading profile /etc/firejail/firefox.profile" +} +expect { + timeout {puts "TESTING ERROR 0.1\n";exit} + "Interface" +} +expect { + timeout {puts "TESTING ERROR 0.2\n";exit} + "eth0-" +} +expect { + timeout {puts "TESTING ERROR 0.3\n";exit} + "Default gateway" +} +expect { + timeout {puts "TESTING ERROR 1\n";exit} + -re "Child process initialized in \[0-9\]+.\[0-9\]+ ms" +} +sleep 5 + +spawn $env(SHELL) +send -- "firejail --list\r" +expect { + timeout {puts "TESTING ERROR 2\n";exit} + "firejail" +} +expect { + timeout {puts "TESTING ERROR 3\n";exit} + "firefox" +} +after 100 + +spawn $env(SHELL) +send -- "firemon --seccomp\r" +expect { + timeout {puts "TESTING ERROR 4\n";exit} + "firefox" +} +expect { + timeout {puts "TESTING ERROR 5\n";exit} + "Seccomp: 2" +} +sleep 1 + +puts "\nall done\n"