merges

2026-05-22 06:05:38 -06:00 · 2022-08-14 09:00:01 -04:00 · 2022-08-14 09:00:01 -04:00 · d4323ae26f
commit d4323ae26f
parent b987cf001a
3 changed files with 45 additions and 4 deletions
--- a/2
+++ b/2
@ -182,6 +182,8 @@ avoidr (https://github.com/avoidr)
 	- added mcabber profile
 	- fixed mpv profile
 	- various other fixes
+Азалия Смарагдова/ChrysoliteAzalea (https://github.com/ChrysoliteAzalea)
+	-  add support for custom AppArmor profiles (--apparmor=)
 backspac (https://github.com/backspac)
 	- firecfg fixes
 	- add steam-runtime alias
--- a/README.md
+++ b/README.md
@ -182,6 +182,43 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe

 Milestone page: https://github.com/netblue30/firejail/milestone/1

+### Restrict namespaces
+
+`````
+       --restrict-namespaces
+              Install a seccomp filter that  blocks  attempts  to  create  new
+              cgroup, ipc, net, mount, pid, time, user or uts namespaces.
+
+              Example:
+              $ firejail --restrict-namespaces
+
+       --restrict-namespaces=cgroup,ipc,net,mnt,pid,time,user,uts
+              Install  a  seccomp filter that blocks attempts to create any of
+              the specified namespaces. The filter examines the  arguments  of
+              clone, unshare and setns system calls and returns error EPERM to
+              the process (or kills it or logs the attempt, see  --seccomp-er‐
+              ror-action below) if necessary. Note that the filter is not able
+              to examine the arguments of clone3 system calls, and always  re‐
+              sponds to these calls with error ENOSYS.
+
+              Example:
+              $ firejail --restrict-namespaces=user,net
+`````
+
+#### Support for custom AppArmor profiles
+
+`````
+      --apparmor
+              Enable AppArmor confinement with the "firejail-default" AppArmor
+              profile.   For more information, please see APPARMOR section be‐
+              low.
+
+       --apparmor=profile_name
+              Enable AppArmor confinement  with  a  custom  AppArmor  profile.
+              Note  that  profile  in question must already be loaded into the
+              kernel.  For more information, please see APPARMOR  section  be‐
+`````
+
 ### Profile Statistics

 A small tool to print profile statistics. Compile and install as usual. The tool is installed in /usr/lib/firejail directory.
--- a/10
+++ b/10
@ -1,13 +1,15 @@
 firejail (0.9.71) baseline; urgency=low
  * work in progress
-  * feat: On failing to remount a fuse filesystem, give warning instead of
-  * erroring out (#5240 #5242)
-  * build: deduplicate configure-time vars into new config files (#5140 #5284)
+  * feature: restrict namespaces (--restrict-namespaces) inplemented as
+    a seccomp filter for both 64 and 32 bit architectures
+  * feature: On failing to remount a fuse filesystem, give warning instead of
+    erroring out (#5240 #5242)
+  * feature: support for custom AppArmor profiles (--apparmor=) (#5274)
+  * build: deduplicate configure-time vars into new config files (#5140)
  * build: fix file mode of shell scripts (644 -> 755) (#5206)
  * build: reduce autoconf input files from 32 to 2 (#5219)
  * build: add dist build directory to .gitignore (#5248)
  * build: add autoconf auto-generation comment to input files (#5251)
-  * build: Add files make uninstall forgot to remove (#5283)
  * ci: ignore git-related paths and the project license (#5249)
 -- netblue30 <netblue30@yahoo.com>  Sat, 11 Jun 2022 09:00:00 -0500