Related commits:
* 6a6ff981b ("add a syscall header for the x32 ABI", 2026-03-05)
* 3db2e976e ("update: s390 syscall table is only for 64-bit now",
2026-03-05)
* e9cccefe1 ("update all system call headers", 2026-03-05)
* 19224d8fb ("RELNOTES: add syscall headers update items", 2026-03-13)
Remove `--keep-hostname` issue, as it was replaced with
`--hostname-randomize`.
Related commits:
* 09329b990 ("modif: replace --keep-hostname with new
--hostname-randomize", 2026-03-0t7) / PR #7095
Relates to #7062#7069#7095.
if strace runs in a terminal, it probes the background color to select
its color palette. this probing expects a reply, but due to expect
intercepting the io, the answer isn't sent back to strace, so it never
starts printing the expected output.
Changes:
* Keep hostname by default (same as using `--keep-hostname`)
* Add `--hostname-randomize` command to randomize the hostname
* Ignore `--keep-hostname` command and print a warning if it is used
Setting a different hostname inside of the sandbox may prevent X11
programs from authenticating to the X server and displaying windows at
all (see #7062).
To avoid breakage, keep the hostname as is by default and only set it to
a random value if a new `hostname-randomize` command is used.
This also avoids potentially surprising behavior, as the user might not
expect the hostname to be changed inside of the sandbox, considering
that usually the protections that are applied firejail involve
restricting access to resources (like file paths), rather than modifying
their values inside of the sandbox.
Fixes#7062
Relates to #7048#7069.
Fix formatting, reword, add commit reference and move.
The changes related to the items in question were made to not only the
CI files in .github/workflows, but also to the local test files and
scripts.
So use test items to clarify that their changes are not just strictly CI
changes.
Add a commit reference just to the "make test-compile" item because the
other items seem to relate to many commits.
Replace commit references with issue references.
Related commits:
* cbb7a3897 ("make Xephyr default for --x11 obption - currently Xpra is
not available in Debian/Ubuntu and derivatives", 2026-01-17)
* c13331305 ("adding apparmor profiles for --nettrace option",
2026-02-11)
Relates to #7093#7094.
Related commits:
* 188d5f16d ("--profile=FILE rework (#6896)", 2026-01-05).
* 54a741ecc ("update README.md", 2026-01-05)
See commit 491b46cfa ("docs: always use full path to program in examples
(#6963)", 2025-11-16).
This appears to be related to the following commits:
* 524d67aa7 ("main page", 2026-01-02)
* bf05f54f1 ("main page", 2026-01-02)
* 0963b9ef0 ("docs: README.md: improve formatting of 0.9.78 section", 2026-01-03)
* 48bcae900 ("README: reword new profile items and copy to RELNOTES (0.9.78)", 2026-01-03)
* 04a211071 ("RELNOTES: add build and ci items (0.9.78)", 2026-01-03)
* 35d61001e ("RELNOTES: clarify fbwrap item", 2026-01-03)
* 0faac5121 ("RELNOTES: reword/move syscall headers item to 0.9.78", 2026-02-28)
Added on commit 01b741aa8 ("RELNOTES and some more testing",
2026-02-25).
- src/lib/syscall.c
- Update the comment to also match `gettimeofday`
- Sort the content of `@default-keep` by alphabetical order
- etc/templates/syscalls.txt
- Update the Definition of groups
It was released in 0.9.78.
Related commits:
* ff1f53f1e ("include new generated syscall_*.h header files",
2025-12-27)
* af59f6173 ("Merge pull request #7000 from pierretom/patch7",
2026-01-07)
* 01b741aa8 ("RELNOTES and some more testing", 2026-02-25)
* 8ca11b335 ("RELNOTES: improve and move items into build items",
2026-02-27)
Relates to #7000.
Related commits:
* 7cd2c208f ("merges", 2025-12-04)
* c5c7af86b ("README: reword many items and copy to RELNOTES",
2025-12-28)
Relates to #6956#6960#6961.
Remove commit references from the items that already have a PR
reference, for consistency with the rest of the items.
Related commits:
* 5dc63f1a0 ("RELNOTES update", 2026-01-22)
* 65878d606 ("RELNOTES: format/improve profile items", 2026-02-03)
Relates to #6996#7023#7029#7032#7043.
Related commits:
* cbf43089f ("update the list of terminal emulators that can be used for
sandbox escape", 2026-01-19)
* c8a67075b ("profiles: disable-common: sort list of terminal
emulators", 2026-02-27)
Note: The bug reported in #7040 is the same as the one in #7056.
Added on commit 01b741aa8 ("RELNOTES and some more testing",
2026-02-25).
Relates to #7040#7056#7061.
Currently only the sandbox hostname is mapped to the default IP
addresses in /etc/hosts.
Default hosts file:
$ cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 localhost
::1 localhost
Before:
$ firejail --quiet --noprofile --hostname=foo cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 foo
::1 foo
After:
$ firejail --quiet --noprofile --hostname=foo cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 foo
127.0.0.1 localhost
::1 foo
::1 localhost
This is a follow-up to #7077.
Fixes#7048.
Reported-by: @liloman
Currently it is only mapped to ipv4, so add an ipv6 line.
Default hosts file:
$ cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 localhost
::1 localhost
Before:
$ firejail --quiet --noprofile --hostname=foo cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 foo
::1 localhost
After:
$ firejail --quiet --noprofile --hostname=foo cat /etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.
127.0.0.1 foo
::1 foo
Related commits:
* 6f164f415 ("--keep-hostname part 2 (#7048)", 2026-02-03)
Relates to #7048.
Reported-by: @liloman
