mirror of
https://github.com/netblue30/firejail.git
synced 2026-05-16 14:16:16 -06:00
232 lines
9 KiB
Text
232 lines
9 KiB
Text
firejail (0.9.30-rc1) baseline; urgency=low
|
|
* added a disable-history.inc profile as a result of Firefox PDF.js exploit;
|
|
disable-history.inc included in all default profiles
|
|
* Firefox PDF.js exploit (CVE-2015-4495) fixes
|
|
* added --private-etc option
|
|
* added --env option
|
|
* added --whitelist option
|
|
* support ${HOME} token in include directive in profile files
|
|
* --private.keep is transitioned to --private-home
|
|
* support ~ and blanks in blacklist option
|
|
* support "net none" command in profile files
|
|
* using /etc/firejail/generic.profile by default for user sessions
|
|
* using /etc/firejail/server.profile by default for root sessions
|
|
* added build --enable-fatal-warnings configure option
|
|
* bugfixes
|
|
-- netblue30 <netblue30@yahoo.com> Wed, 9 Sept 2015 08:00:00 -0500
|
|
|
|
firejail (0.9.28) baseline; urgency=low
|
|
* network scanning, --scan option
|
|
* interface MAC address support, --mac option
|
|
* IP address range, --iprange option
|
|
* traffic shaping, --bandwidth option
|
|
* reworked printing of network status at startup
|
|
* man pages rework
|
|
* added firejail-login man page
|
|
* added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default
|
|
profiles
|
|
* added an /etc/firejail/disable-common.inc file to hold common directory
|
|
blacklists
|
|
* blacklist Opera and Chrome/Chromium config directories in profile files
|
|
* support noroot option for profile files
|
|
* enabled noroot in default profile files
|
|
* bugfixes
|
|
-- netblue30 <netblue30@yahoo.com> Sat, 1 Aug 2015 08:00:00 -0500
|
|
|
|
firejail (0.9.26) baseline; urgency=low
|
|
* private dev directory
|
|
* private.keep option for whitelisting home files in a new private directory
|
|
* user namespaces support, noroot option
|
|
* added Deluge and qBittorent profiles
|
|
* bugfixes
|
|
-- netblue30 <netblue30@yahoo.com> Thu, 30 Apr 2015 08:00:00 -0500
|
|
|
|
|
|
firejail (0.9.24) baseline; urgency=low
|
|
* whitelist and blacklist seccomp filters
|
|
* doubledash option
|
|
* --shell=none support
|
|
* netfilter file support in profile files
|
|
* dns server support in profile files
|
|
* added --dns.print option
|
|
* added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem.
|
|
* added --caps.drop=all in default profiles
|
|
* new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp
|
|
* clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init
|
|
* Bugfix: using /proc/sys/kernel/pid_max for the max number of pids
|
|
* two build patches from Reiner Herman (tickets 11, 12)
|
|
* man page patch from Reiner Herman (ticket 13)
|
|
* output patch (ticket 15) from sshirokov
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Sun, 5 Apr 2015 08:00:00 -0500
|
|
|
|
firejail (0.9.22) baseline; urgency=low
|
|
* Replaced --noip option with --ip=none
|
|
* Container stdout logging and log rotation
|
|
* Added process_vm_readv, process_vm_writev and mknod to
|
|
* default seccomp blacklist
|
|
* Added CAP_MKNOD to default caps blacklist
|
|
* Blacklist and whitelist custom Linux capabilities filters
|
|
* macvlan device driver support for --net option
|
|
* DNS server support, --dns option
|
|
* Netfilter support
|
|
* Monitor network statistics, --netstats option
|
|
* Added profile for Mozilla Thunderbird/Icedove
|
|
* - --overlay support for Linux kernels 3.18+
|
|
* Bugfix: preserve .Xauthority file in private mode (test with ssh -X)
|
|
* Bugfix: check uid/gid for cgroup
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Mon, 9 Mar 2015 09:00:00 -0500
|
|
|
|
firejail (0.9.20) baseline; urgency=low
|
|
* utmp, btmp and wtmp enhancements
|
|
* create empty /var/log/wtmp and /var/log/btmp files in sandbox
|
|
* generate a new /var/run/utmp file in sandbox
|
|
* CPU affinity, --cpu option
|
|
* Linux control groups support, --cgroup option
|
|
* Opera web browser support
|
|
* VLC support
|
|
* Added "empty" attribute to seccomp command to remove the default
|
|
* syscall list form seccomp blacklist
|
|
* Added --nogroups option to disable supplementary groups for regular
|
|
* users. root user always runs without supplementary groups.
|
|
* firemon enhancements
|
|
* display the command that started the sandbox
|
|
* added --caps option to display capabilities for all sandboxes
|
|
* added --cgroup option to display the control groups for all sandboxes
|
|
* added --cpu option to display CPU affinity for all sandboxes
|
|
* added --seccomp option to display seccomp setting for all sandboxes
|
|
* New compile time options: --disable-chroot, --disable-bind
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Mon, 02 Feb 2015 08:00:00 -0500
|
|
|
|
firejail (0.9.18) baseline; urgency=low
|
|
* Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls
|
|
* Support for tracing setreuid, setregid, setresuid, setresguid syscalls
|
|
* Added profiles for transmission-gtk and transmission-qt
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Fri, 25 Dec 2014 10:00:00 -0500
|
|
|
|
firejail (0.9.16) baseline; urgency=low
|
|
* Configurable private home directory
|
|
* Configurable default user shell
|
|
* Software configuration support for --docdir and DESTDIR
|
|
* Profile file support for include, caps, seccomp and private keywords
|
|
* Dropbox profile file
|
|
* Linux capabilities and seccomp filters enabled by default for Firefox,
|
|
Midori, Evince and Dropbox
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Tue, 4 Nov 2014 10:00:00 -0500
|
|
|
|
firejail (0.9.14) baseline; urgency=low
|
|
* Linux capabilities and seccomp filters are automatically enabled in
|
|
chroot mode (--chroot option) if the sandbox is started as regular user
|
|
* Added support for user defined seccomp blacklists
|
|
* Added syscall trace support
|
|
* Added --tmpfs option
|
|
* Added --balcklist option
|
|
* Added --read-only option
|
|
* Added --bind option
|
|
* Logging enhancements
|
|
* --overlay option was reactivated
|
|
* Added firemon support to print the ARP table for each sandbox
|
|
* Added firemon support to print the route table for each sandbox
|
|
* Added firemon support to print interface information for each sandbox
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Tue, 15 Oct 2014 10:00:00 -0500
|
|
|
|
firejail (0.9.12.2) baseline; urgency=low
|
|
* Fix for pulseaudio problems
|
|
* --overlay option was temporarily disabled in this build
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Mon, 29 Sept 2014 07:00:00 -0500
|
|
|
|
firejail (0.9.12.1) baseline; urgency=low
|
|
* Fix for pulseaudio problems
|
|
* --overlay option was temporarily disabled in this build
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Mon, 22 Sept 2014 09:00:00 -0500
|
|
|
|
firejail (0.9.12) baseline; urgency=low
|
|
* Added capabilities support
|
|
* Added support for CentOS 7
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Mon, 15 Sept 2014 10:00:00 -0500
|
|
|
|
firejail (0.9.10) baseline; urgency=low
|
|
* Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot
|
|
* Fixed --top option CPU utilization calculation
|
|
* Implemented --tree option in firejail and firemon
|
|
* Implemented --join=name option
|
|
* Implemented --shutdown option
|
|
* Preserve the current working directory if possible
|
|
* Cppcheck and clang errors cleanup
|
|
* Added a Chromium web browser profile
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Thu, 28 Aug 2014 07:00:00 -0500
|
|
|
|
firejail (0.9.8.1) baseline; urgency=low
|
|
* FIxed a number of bugs introduced in 0.9.8
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Fri, 25 Jul 2014 07:25:00 -0500
|
|
|
|
firejail (0.9.8) baseline; urgency=low
|
|
* Implemented nowrap mode for firejail --list command option
|
|
* Added --top option in both firejail and firemon
|
|
* seccomp filter support
|
|
* Added pid support for firemon
|
|
* bugfixes
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Tue, 24 Jul 2014 08:51:00 -0500
|
|
|
|
firejail (0.9.6) baseline; urgency=low
|
|
|
|
* Mounting tmpfs on top of /var/log, required by several server programs
|
|
* Server fixes for /var/lib and /var/cache
|
|
* Private mode fixes
|
|
* csh and zsh default shell support
|
|
* Chroot mode fixes
|
|
* Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd,
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Sat, 7 Jun 2014 09:00:00 -0500
|
|
|
|
firejail (0.9.4) baseline; urgency=low
|
|
|
|
* Fixed resolv.conf on Ubuntu systems using DHCP
|
|
* Fixed resolv.conf on Debian systems using resolvconf package
|
|
* Fixed /var/lock directory
|
|
* Fixed /var/tmp directory
|
|
* Fixed symbolic links in profile files
|
|
* Added profiles for evince, midori
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Sun, 4 May 2014 08:00:00 -0500
|
|
|
|
firejail (0.9.2) baseline; urgency=low
|
|
|
|
* Checking IP address passed with --ip option using ARP; exit if the address
|
|
is already present
|
|
* Using a lock file during ARP address assignment in order to removed a race
|
|
condition.
|
|
* Several fixes to --private option; it also mounts a tmpfs filesystem on top
|
|
of /tmp
|
|
* Added user access check for profile file
|
|
* Added --defaultgw option
|
|
* Added support of --noip option; it is necessary for DHCP setups
|
|
* Added syslog support
|
|
* Added support for "tmpfs" and "read-only" profile commands
|
|
* Added an expect-based testing framework for the project
|
|
* Added bash completion support
|
|
* Added support for multiple networks
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Fri, 25 Apr 2014 08:00:00 -0500
|
|
|
|
firejail (0.9) baseline; urgency=low
|
|
|
|
* First beta version
|
|
|
|
-- netblue30 <netblue30@yahoo.com> Sat, 12 Apr 2014 09:00:00 -0500
|