These profile-related changes seem significant enough to warrant
entries, as #6021 adds some guidance on the use of private-opt and #5987
standardizes the format of commented code in all profiles.
Relates to #5987#6021.
This group is apparently used on Gentoo[1].
Currently only the "audio" supplementary group is kept.
Fixes#5992.
See also commit f32938669 ("Keep vglusers group unless no3d is used
(virtualgl)", 2022-01-07) / PR #4851.
[1] https://wiki.gentoo.org/wiki/PipeWire
Reported-by: @amano-kenji
See the following commits:
* 6fa19aab9 ("feature: use seccomp filters build at install time for
* --restrict-namespaces", 2023-07-12) and commit
* 80eb28483 ("build: restore seccomp filter targets", 2023-07-13)
* 76bd5ad0f ("build: simplify code related to man pages", 2023-07-12)
Relates to #5898.
Simplify the main targets and use wildcards instead of repeating the
filenames manually.
Also, restore the `man` target and building only when `HAVE_MAN` is
enabled.
Note: Make automatically removes intermediate files (.1 and .5), so in
general only the .gz files have to be cleaned.
Commands used to rename the man pages:
cd src/man
git mv firecfg.txt firecfg.1.in
git mv firejail-login.txt firejail-login.5.in
git mv firejail-profile.txt firejail-profile.5.in
git mv firejail-users.txt firejail-users.5.in
git mv firejail.txt firejail.1.in
git mv firemon.txt firemon.1.in
git mv jailcheck.txt jailcheck.1.in
This is kind of a follow-up to commit 9e206b7f2 ("rework src/man
Makefile", 2023-07-07).
Added on commit b689b69f6 ("make --private-lib a compile time option,
disabled by default", 2023-03-09) and on commit 91f2b3ffc ("private-lib
cleanup", 2023-03-09).
Relates to #5727#5732.
Log from a recent run of build_ubuntu_package[1]:
$ ./configure && make deb && dpkg -i firejail*.deb
[...]
dpkg-deb: building package 'firejail' in 'debian.deb'.
A future release will drop --no-tag-display-limit; please use '--tag-display-limit 0' instead.
running with root privileges is not recommended!
E: firejail: latest-changelog-entry-without-new-date [usr/share/doc/firejail/changelog.Debian.gz:1]
[...]
make: *** [Makefile:341: deb] Error 2
$ command -V firejail && firejail --version
/usr/bin/bash: line 139: command: firejail: not found
[1] https://gitlab.com/Firejail/firejail_ci/-/pipelines/832916003
Added in the following commits:
* 336ecb5d6 ("network testing; merges", 2023-03-02)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
Relates to the following commits:
* e4f9f36a4 ("random hostname by default; fix --hostname and
--hosts-file", 2023-02-27)
* 0e48f9933 ("remove firemon --interface option - it is a duplication of
firejail --net.print", 2023-03-08)
This amends commit 707f48a12 ("RELNOTES", 2023-02-14).
Note: The "Allow only letters and digits" modif item was implemented on
commit b4ffaa207 ("merges; more on cleaning up esc chars", 2023-02-14)
and relates to both #5578 and #5613. The "--hostname" part of both the
"Prevent" and the "Allow" modif items was also only added on that
commit. Discussion about the hostname:
https://github.com/netblue30/firejail/pull/5613#issuecomment-1421271389
Relates to #5578.
Move it before modifs, add missing PR reference and make the description
match the PR name.
This amends commit 9d68139d7 ("merges", 2023-02-06).
Relates to #1127#5634.
Change the "fix:" prefix to "bugfix:" and move it below modifs, for
consistency with the previous releases.
Also, add a missing PR reference and make the description match the
current issue title.
Added on commit be88622c8 ("private-etc: fix man page", 2023-01-25).
Relates to #5601#5618.
