* new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl
* new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * splitting up media players whitelists in whitelist-players.inc * mkdir and mkfile support for /run/user directory * blacklist shells such as bash in several profiles * firecfg only fix dektop-files if started with sudo With this version nodbus is deprecated, in favor of dbus-user none andĭbus-system none and will be removed in a future version.
Xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. Syscall:kill syntax when constructing filters, or override in Previous behaviour, use -seccomp-error-action=kill or Killing the process to returning EPERM to the caller. * The blocking action of seccomp filters has been changed from * replaced -nowrap option with -wrap in firemon Mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM. Gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu,Īuthenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, Gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, * new profiles: spectacle, chromium-browser-privacy, * setup guide for new users: contrib/firejail-welcome.sh * allow AF_BLUETOOTH via -protocol=bluetooth * allow -tmpfs inside $HOME for unprivileged users * fixed launch firefox for open url in telegram-desktop.profile * disabled overlayfs, pending multiple fixes It supports sandboxing specific users upon login. Many existing applications like Iceweasel/Mozilla Firefox and Chromium.įirejail also expands the restricted shell facility found in bash by adding Source RPM: firejail-0.9.64.4-bp153.1.6.src.rpmįirejail is a SUID sandbox program that reduces the risk of securityīreaches by restricting the running environment of untrusted applications
0 kommentar(er)
