Release 0.9.72

* feature: On failing to remount a fuse filesystem, give warning instead of erroring out (#5240 #5242) * feature: Update syscall tables and seccomp groups (#5188) * feature: improve force-nonewprivs security guarantees (#5217 #5271) * feature: add support for restricting the creation of Linux namespaces (--restrict-namespaces, --restrict-namespaces=), implemented as a seccomp filter for both 64 and 32 bit architectures (#4939 #5259) * feature: add support for custom AppArmor profiles (--apparmor=) (#5274 #5316 #5317 #5475) * feature: add support for ICMP in nettrace * feature: add --dnstrace, --icmptrace, and --snitrace commands * feature: Add basic gtksourceview language-spec (file type detection/syntax highlighting for profiles) (#5502) * feature: add restrict-namespaces to (almost) all applicable profiles (#5440 #5537) * feature: add support for netlock in profile files * modif: removed --cgroup= command (#5190 #5200) * modif: set --shell=none as the default (#5190) * modif: removed --shell= command (#5190 #5196 #5209) * modif: disabled firetunnel by default in configure.ac (#5190) * modif: disabled chroot by default in /etc/firejail/firejail.config (#5190) * modif: disabled private-lib by default in /etc/firejail/firejail.config (#5190 #5216) * modif: disabled tracelog by default in /etc/firejail/firejail.config (#5190) * modif: removed grsecurity support * modif: stop hiding blacklisted files in /etc by default and add a new etc-hide-blacklisted option to firejail.config that enables the previous behavior (disabled by default) (#5010 #5230 #5591 #5595) * bugfix: Flood of seccomp audit log entries (#5207) * bugfix: --netlock does not work (Error: no valid sandbox) (#5312) * build: deduplicate configure-time vars into new config files (#5140 #5284) * build: fix file mode of shell scripts (644 -> 755) (#5206) * build: reduce autoconf input files from 32 to 2 (#5219) * build: add dist build directory to .gitignore (#5248) * build: add autoconf auto-generation comment to input files (#5251) * build: Add files make uninstall forgot to remove (#5283) * build: add and use TARNAME instead of NAME for paths (#5310) * build: only install ids.config when --enable-ids is set (#5356 #5357) * build: Remove deprecated syntax and modernize shell test scripts (#5370) * build: Fix musl warnings (#5421 #5431) * build: sort.py improvements (#5429) * build: deduplicate makefiles (#5478) * build: fix formatting and misc in configure (#5488) * build: actually set LDFLAGS/LIBS & stop overriding CFLAGS/LDFLAGS (#5504) * build: make shell commands more portable in firejail.vim (#5577) * ci: bump ubuntu to 22.04 and use newer compilers / analyzers (#5275) * ci: ignore git-related paths and the project license (#5249) * ci: Harden GitHub Actions (StepSecurity) (#5439) * ci: sort and ignore more paths (#5481) * ci: whitelist needed endpoints and block access to sudo (#5485) * docs: fix typos (#5189 #5349) * docs: mention risk of SUID binaries and also firejail-users(5) (#5288 #5290) * docs: set vim filetype on man pages for syntax highlighting (#5296) * docs: note that blacklist/whitelist follow symlinks (#5344) * docs: Add IRC channel info to README.md (#5361) * docs: man: Note that some commands can be disabled in firejail.config (#5366) * docs: Add gist note to bug_report.md (#5398) * docs: clarify that --appimage should appear before --profile (#5402 #5451) * docs: add more Firefox examples to the firejail-local AppArmor profile (#5493) * docs: Fix broken Restrict-DBus wiki link on profile.template (#5554) * docs: Remove invalid --profile-path from --help (#5585 #5586) * new profiles: gdu, makedeb, gtk-lbry-viewer, lbry-viewer, tuir, chafa, * new profiles: godot3, cinelerra-gg, tesseract, avidemux3_qt5, * new profiles: avidemux3_cli, avidemux3_jobs_qt5, ssmtp, chatterino, * new profiles: linuxqq, qq, electron-hardened.inc.profile,

firejail

Related Projects

mapbox-navigation-android

ToastFish

barcodelib

JPProject.IdentityServer4.SSO

Related Projects

mapbox-navigation-android

ToastFish

barcodelib

JPProject.IdentityServer4.SSO