firejail (0.9.50) baseline; urgency=low * modif: --output split in two commands, --output and --output-stderr * feature: per-profile disable-mnt (--disable-mnt) * feature: per-profile support to set X11 Xephyr screen size (--xephyr-screen) * feature: private /lib directory (--private-lib) * feature: disable CDROM/DVD drive (--nodvd) * feature: disable DVB devices (--notv) * feature: --profile.print * enhancement: print all seccomp filters under --debug * enhancement: /proc/sys mounting * enhancement: rework IP address assingment for --net options * enhancement: support for newer Xpra versions (2.1+) - set xpra-attach yes in /etc/firejail/firejail.config * enhancement: all profiles use a standard layout style * enhancement: create /usr/local for firecfg if the directory doesn't exist * enhancement: allow full paths in --private-bin * seccomp feature: --memory-deny-write-execute * seccomp feature: seccomp post-exec * seccomp feature: block secondary architecture (--seccomp.block_secondary) * seccomp feature: seccomp syscall groups * seccomp enhancement: print all seccomp filters under --debug * seccomp enhancement: default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, * new profiles: Geary, Liferea, peek, silentarmy, IntelliJ IDEA, * new profiles: Android Studio, electron, riot-web, Extreme Tux Racer, * new profiles: Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux * new profiles: telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, * new profiles: hashcat, obs, picard, remmina, sdat2img, soundconverter * new profiles: truecraft, gnome-twitch, tuxguitar, musescore, neverball * new profiles: sqlitebrowse, Yandex Browser, minetest * bugfixes -- netblue30 Thu, 7 Sep 2017 08:00:00 -0500 firejail (0.9.48) baseline; urgency=low * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile * feature: --novideo * feature: drop discretionary access control capabilities for root sandboxes * feature: added /etc/firejail/globals.local for global customizations * feature: profile support in overlayfs mode * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake * bugfixes -- netblue30 Mon, 12 Jun 2017 08:00:00 -0500 firejail (0.9.46) baseline; urgency=low * security: split most of networking code in a separate executable * security: split seccomp filter code configuration in a separate executable * security: split file copying in private option in a separate executable * feature: disable gnupg and systemd directories under /run/user * feature: test coverage (gcov) support * feature: allow root user access to /dev/shm (--noblacklist=/dev/shm) * feature: private /opt directory (--private-opt, profile support) * feature: private /srv directory (--private-srv, profile support) * feature: spoof machine-id (--machine-id, profile support) * feature: allow blacklists under --private (--allow-private-blacklist, profile support) * feature: user-defined /etc/hosts file (--hosts-file, profile support) * feature: support for the real /var/log directory (--writable-var-log, profile support) * feature: config support for firejail prompt in terminals * feature: AppImage type 2 support * feature: pass command line arguments to appimages * feature: allow non-seccomp setup for OverlayFS sandboxes - more work to come * feature: added a number of Python scripts for handling sandboxes * feature: allow local customization using .local files under /etc/firejail * feature: follow-symlink-as-user runtime config option in /etc/firejail/firejail.config * feature: follow-symlink-private-bin option in /etc/firejail/firejail.config * feature: xvfb X11 server support (--x11=xvfb) * feature: allow /tmp directory in mkdir and mkfile profile commands * feature: implemented --noblacklist command, profile support * feature: config support to disable access to /mnt and /media (disable-mnt) * feature: config support to disable join (join) * feature: disabled Go, Rust, and OpenSSL in disable-devel.conf * feature: support overlay, overlay-named and overlay-tmpfs in profile files * feature: allow PulseAudio sockets in --private-tmp * feature: --fix-sound support in firecfg * feature: added support for sandboxing Xpra, Xvfb and Xephyr in independent sandboxes when started with firejail --x11 * feature: enable automatic X server sandboxing for --x11=xpra and --x11=xephyr * feature: support for Xpra extra params in firejail config file * new profiles: xiphos, Tor Browser Bundle, display (imagemagick), Wire, * new profiles: mumble, zoom, Guayadeque, qemu, keypass2, xed, pluma, * new profiles: Cryptocat, Bless, Gnome 2048, Gnome Calculator, * new profiles: Gnome Contacts, JD-GUI, Lollypop, MultiMC5, PDFSam, Pithos, * new profiles: Xonotic, wireshark, keepassx2, QupZilla, FossaMail, * new profiles: Uzbl browser, iridium browser, Thunar, Geeqie, Engrampa, * new profiles: Scribus, mousepad, gpicview, keepassxc, cvlc, MediathekView, * new profiles: baloo_file, Nylas, dino, BibleTime, viewnior, Kodi, viking, * new profiles: youtube-dl, meld, Arduino, Akregator, KCalc, KTorrent, * new profiles: Orage Globaltime, Orage Clendar, xfce4-notes, xfce4-dict, * new profiles: Ristretto, PCManFM, Dia, FontForge, Geany, Hugin, * new profiles: mate-calc, mate-dictionary, mate-color-select, caja, * new profiles: galculator, Nemo, gnome-font-viewer, gucharmap, knotes * new profiles: clipit, leafpad, lximage-qt, lxmusic, qlipper, Xvfb, Xephyr * new profiles: Blender, 2048-qt * bugfixes -- netblue30 Sun, 14 May 2017 08:00:00 -0500 firejail (0.9.44.10) baseline; urgency=low * security: when using --x11=xorg and --net, incorrect processing of the return code of /usr/bin/xauth could end up in starting the sandbox without X11 security extension installed. Problem found/fixed by Zack Weinberg * bugfix: ~/.pki directory whitelisted and later blacklisted. This affects most browsers, and disables the custom certificates installed by the user * bugfix: firecfg config fix * bugfix: gajim security profile fix * bugfix: man page fix * bugfix: force-nonewprivs fix for /etc/firejail/firejail.config * bugfix: xephyr-extra-params fix for /etc/firejail/firejail.config * bugfix: memory corruption in noblacklist processing * bugfix: --quiet fix for Arch and Fedora systems * bugfix: updated Keepass(x) profiles * bugfix: firemon --nowrap problem * bugfix: document firemon --nowrap in man page and in --help option * bugfix: bash completion for --noblacklist command * bugfix: vlc profile fix * bugfix: fixed handling of .local profile files when the software is installed in ~/.local directory * bugfix: temporarily remove private-tmp from all profiles, until a fix for .Xauthority file handling in KDE becomes available * maintenance: --output cleanup * maintenance: updated copyright statement in all files -- netblue30 Sat, 18 Mar 2017 10:00:00 -0500 firejail (0.9.44.8) baseline; urgency=low * bugfix: fix broken PulseAudio support -- netblue30 Wed, 18 Jan 2017 10:00:00 -0500 firejail (0.9.44.6) baseline; urgency=low * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week, new CVE code assigned after release: CVE-2017-5940 * security: major cleanup of file copying code * security: tightening the rules for --chroot and --overlay features * bugfix: ported Gentoo compile patch * bugfix: Nvidia drivers bug in --private-dev * bugfix: fix ASSERT_PERMS_FD macro * feature: allow local customization using .local files under /etc/firejail backported from our development branch * feature: spoof machine-id backported from our development branch -- netblue30 Sun, 15 Jan 2017 10:00:00 -0500 firejail (0.9.44.4) baseline; urgency=low * security: --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) * security: disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206) * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) -- netblue30 Sat, 7 Jan 2017 10:00:00 -0500 firejail (0.9.44.2) baseline; urgency=low * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122) * security: several security enhancements * bugfix: crashing VLC by pressing Ctrl-O * bugfix: use user configured icons in KDE * bugfix: mkdir and mkfile are not applied to private directories * bugfix: cannot open files on Deluge running under KDE * bugfix: --private=dir where dir is the user home directory * bugfix: cannot start Vivaldi browser * bugfix: cannot start mupdf * bugfix: ssh profile problems * bugfix: --quiet * bugfix: quiet in git profile * bugfix: memory corruption -- netblue30 Fri, 2 Dec 2016 08:00:00 -0500 firejail (0.9.44) baseline; urgency=low * CVE-2016-9016 submitted by Aleksey Manevich * modifs: removed man firejail-config * modifs: --private-tmp whitelists /tmp/.X11-unix directory * modifs: Nvidia drivers added to --private-dev * modifs: /srv supported by --whitelist * feature: allow user access to /sys/fs (--noblacklist=/sys/fs) * feature: support starting/joining sandbox is a single command (--join-or-start) * feature: X11 detection support for --audit * feature: assign a name to the interface connected to the bridge (--veth-name) * feature: all user home directories are visible (--allusers) * feature: add files to sandbox container (--put) * feature: blocking x11 (--x11=block) * feature: X11 security extension (--x11=xorg) * feature: disable 3D hardware acceleration (--no3d) * feature: x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * feature: move files in sandbox (--put) * feature: accept wildcard patterns in user name field of restricted shell login feature * new profiles: qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * new profiles: feh, ranger, zathura, 7z, keepass, keepassx, * new profiles: claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * new profiles: Flowblade, Eye of GNOME (eog), Evolution * bugfixes -- netblue30 Fri, 21 Oct 2016 08:00:00 -0500 firejail (0.9.42) baseline; urgency=low * security: --whitelist deleted files, submitted by Vasya Novikov * security: disable x32 ABI in seccomp, submitted by Jann Horn * security: tighten --chroot, submitted by Jann Horn * security: terminal sandbox escape, submitted by Stephan Sokolow * security: several TOCTOU fixes submitted by Aleksey Manevich * modifs: bringing back --private-home option * modifs: deprecated --user option, please use "sudo -u username firejail" * modifs: allow symlinks in home directory for --whitelist option * modifs: Firejail prompt is enabled by env variable FIREJAIL_PROMPT="yes" * modifs: recursive mkdir * modifs: include /dev/snd in --private-dev * modifs: seccomp filter update * modifs: release archives moved to .xz format * feature: AppImage support (--appimage) * feature: AppArmor support (--apparmor) * feature: Ubuntu snap support (/etc/firejail/snap.profile) * feature: Sandbox auditing support (--audit) * feature: remove environment variable (--rmenv) * feature: noexec support (--noexec) * feature: clean local overlay storage directory (--overlay-clean) * feature: store and reuse overlay (--overlay-named) * feature: allow debugging inside the sandbox with gdb and strace (--allow-debuggers) * feature: mkfile profile command * feature: quiet profile command * feature: x11 profile command * feature: option to fix desktop files (firecfg --fix) * compile time: Busybox support (--enable-busybox-workaround) * compile time: disable overlayfs (--disable-overlayfs) * compile time: disable whitlisting (--disable-whitelist) * compile time: disable global config (--disable-globalcfg) * run time: enable/disable overlayfs (overlayfs yes/no) * run time: enable/disable quiet as default (quiet-by-default yes/no) * run time: user-defined network filter (netfilter-default) * run time: enable/disable whitelisting (whitelist yes/no) * run time: enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) * run time: enable/disable chroot desktop features (chroot-desktop yes/no) * profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice * profiles: pix, audacity, xz, xzdec, gzip, cpio, less * profiles: Atom Beta, Atom, jitsi, eom, uudeview * profiles: tar (gtar), unzip, unrar, file, skypeforlinux, * profiles: inox, Slack, gnome-chess. Gajim IM client, DOSBox * bugfixes -- netblue30 Thu, 8 Sept 2016 08:00:00 -0500 firejail (0.9.40) baseline; urgency=low * added --nice option * added --x11 option * added --x11=xpra option * added --x11=xephyr option * added --cpu.print option * added filetransfer options --ls and --get * added --writable-etc and --writable-var options * added --read-only option * added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * --version also prints compile options * --output option also redirects stderr * added compile-time option to restrict --net= to root only * run time config support, man firejail-config * added firecfg utility * AppArmor fixes * default seccomp filter update * disable STUN/WebRTC in default netfilter configuration * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq * new profiles: PaleMoon, Icedove, abrowser, 0ad, netsurf, Warzone2100 * new profiles: okular, gwenview, Google-Play-Music-Desktop-Player * new profiles: Aweather, Stellarium, gpredict, quiterss, cyberfox * new profiles: generic Ubuntu snap application profile, xplayer * new profiles: xreader, xviewer, mcabber, Psi+, Corebird, Konversation * new profiles: Brave, Gitter * generic.profile renamed default.profile * build rpm packages using "make rpms" * bugfixes -- netblue30 Sun, 29 May 2016 08:00:00 -0500 firejail (0.9.38.10) baseline; urgency=low * security: new fix for CVE-2017-5180 reported by Sebastian Krahmer last week new CVE code assigned after release: CVE-2017-5940 * security: tightening the rules for --chroot * bugfix: ported Gentoo compile patch * bugfix: fix ASSERT_PERMS_FD macro -- netblue30 Sun, 15 Jan 2017 10:00:00 -0500 firejail (0.9.38.8) baseline; urgency=low * security: root exploit found by Sebastian Krahmer (CVE-2017-5180) -- netblue30 Sat, 7 Jan 2017 10:00:00 -0500 firejail (0.9.38.6) baseline; urgency=low * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118) * bugfix: crashing VLC by pressing Ctrl-O -- netblue30 Fri, 16 Dec 2016 10:00:00 -0500 firejail (0.9.38.4) baseline; urgency=low * CVE-2016-7545 submitted by Aleksey Manevich * bugfixes -- netblue30 Mon, 10 Oct 2016 10:00:00 -0500 firejail (0.9.38.2) baseline; urgency=low * security: --whitelist deleted files, submitted by Vasya Novikov * security: disable x32 ABI, submitted by Jann Horn * security: tighten --chroot, submitted by Jann Horn * security: terminal sandbox escape, submitted by Stephan Sokolow * feature: clean local overlay storage directory (--overlay-clean) * bugfixes -- netblue30 Tue, 23 Aug 2016 10:00:00 -0500 firejail (0.9.38) baseline; urgency=low * IPv6 support (--ip6 and --netfilter6) * --join command enhancement (--join-network, --join-filesystem) * added --user command * added --disable-network and --disable-userns compile time flags * Centos 6 support * symlink invocation * added KMail, Seamonkey, Telegram, Mathematica, uGet, * and mupen64plus profiles * --chroot in user mode allowed only if seccomp support is available * in current Linux kernel (CVE-2016-10123) * deprecated --private-home feature * the first protocol list installed takes precedence * --tmpfs option allowed only running as root (CVE-2016-10117) * added --private-tmp option * weak permissions (CVE-2016-10119, CVE-2016-10120, CVE-2016-10121) * bugfixes -- netblue30 Tue, 2 Feb 2016 10:00:00 -0500 firejail (0.9.36) baseline; urgency=low * added unbound, dnscrypt-proxy, BitlBee, HexChat, WeeChat, parole and rtorrent profiles * Google Chrome profile rework * added google-chrome-stable profile * added google-chrome-beta profile * added google-chrome-unstable profile * Opera profile rework * added opera-beta profile * added --noblacklist option * added --profile-path option * added --force option * whitelist command enhancements * prevent user name enumeration * added /etc/firejail/nolocal.net network filter * added /etc/firejail/webserver.net network filter * blacklisting firejail configuration by default * allow default gateway configuration for --interface option * --debug enhancements: --debug-check-filenames, --debug-blacklists, --debug-whitelists * filesystem log * libtrace enhancements, tracing opendir call * added --tracelog option * added "name" command to profile files * added "hostname" command to profile files * added automated feature testing framework * Debian reproducible build * bugfixes -- netblue30 Sun, 27 Dec 2015 09:00:00 -0500 firejail (0.9.34) baseline; urgency=low * added --ignore option * added --protocol option * support dual i386/amd64 seccomp filters * added Google Chrome profile * added Steam, Skype, Wine and Conkeror profiles * bugfixes -- netblue30 Sat, 7 Nov 2015 08:00:00 -0500 firejail (0.9.32) baseline; urgency=low * added --interface option * added --mtu option * added --private-bin option * added --nosound option * added --hostname option * added --quiet option * added seccomp errno support * added FBReader default profile * added Spotify default profile * lots of default security profile changes * fixed a security problem on multi-user systems * bugfixes -- netblue30 Wed, 21 Oct 2015 08:00:00 -0500 firejail (0.9.30) baseline; urgency=low * added a disable-history.inc profile as a result of Firefox PDF.js exploit; disable-history.inc included in all default profiles * Firefox PDF.js exploit (CVE-2015-4495) fixes * added --private-etc option * added --env option * added --whitelist option * support ${HOME} token in include directive in profile files * --private.keep is transitioned to --private-home * support ~ and blanks in blacklist option * support "net none" command in profile files * using /etc/firejail/generic.profile by default for user sessions * using /etc/firejail/server.profile by default for root sessions * added build --enable-fatal-warnings configure option * added persistence to --overlay option * added --overlay-tmpfs option * make install-strip implemented, make install renamed * bugfixes -- netblue30 Mon, 14 Sept 2015 08:00:00 -0500 firejail (0.9.28) baseline; urgency=low * network scanning, --scan option * interface MAC address support, --mac option * IP address range, --iprange option * traffic shaping, --bandwidth option * reworked printing of network status at startup * man pages rework * added firejail-login man page * added GNU Icecat, FileZilla, Pidgin, XChat, Empathy, DeaDBeeF default profiles * added an /etc/firejail/disable-common.inc file to hold common directory blacklists * blacklist Opera and Chrome/Chromium config directories in profile files * support noroot option for profile files * enabled noroot in default profile files * bugfixes -- netblue30 Sat, 1 Aug 2015 08:00:00 -0500 firejail (0.9.26) baseline; urgency=low * private dev directory * private.keep option for whitelisting home files in a new private directory * user namespaces support, noroot option * added Deluge and qBittorent profiles * bugfixes -- netblue30 Thu, 30 Apr 2015 08:00:00 -0500 firejail (0.9.24) baseline; urgency=low * whitelist and blacklist seccomp filters * doubledash option * --shell=none support * netfilter file support in profile files * dns server support in profile files * added --dns.print option * added default profiles for Audacious, Clementine, Gnome-MPlayer, Rhythmbox and Totem. * added --caps.drop=all in default profiles * new syscalls in default seccomp filter: sysfs, sysctl, adjtimex, kcmp * clock_adjtime, lookup_dcookie, perf_event_open, fanotify_init * Bugfix: using /proc/sys/kernel/pid_max for the max number of pids * two build patches from Reiner Herman (tickets 11, 12) * man page patch from Reiner Herman (ticket 13) * output patch (ticket 15) from sshirokov -- netblue30 Sun, 5 Apr 2015 08:00:00 -0500 firejail (0.9.22) baseline; urgency=low * Replaced --noip option with --ip=none * Container stdout logging and log rotation * Added process_vm_readv, process_vm_writev and mknod to * default seccomp blacklist * Added CAP_MKNOD to default caps blacklist * Blacklist and whitelist custom Linux capabilities filters * macvlan device driver support for --net option * DNS server support, --dns option * Netfilter support * Monitor network statistics, --netstats option * Added profile for Mozilla Thunderbird/Icedove * - --overlay support for Linux kernels 3.18+ * Bugfix: preserve .Xauthority file in private mode (test with ssh -X) * Bugfix: check uid/gid for cgroup -- netblue30 Mon, 9 Mar 2015 09:00:00 -0500 firejail (0.9.20) baseline; urgency=low * utmp, btmp and wtmp enhancements * create empty /var/log/wtmp and /var/log/btmp files in sandbox * generate a new /var/run/utmp file in sandbox * CPU affinity, --cpu option * Linux control groups support, --cgroup option * Opera web browser support * VLC support * Added "empty" attribute to seccomp command to remove the default * syscall list form seccomp blacklist * Added --nogroups option to disable supplementary groups for regular * users. root user always runs without supplementary groups. * firemon enhancements * display the command that started the sandbox * added --caps option to display capabilities for all sandboxes * added --cgroup option to display the control groups for all sandboxes * added --cpu option to display CPU affinity for all sandboxes * added --seccomp option to display seccomp setting for all sandboxes * New compile time options: --disable-chroot, --disable-bind * bugfixes -- netblue30 Mon, 02 Feb 2015 08:00:00 -0500 firejail (0.9.18) baseline; urgency=low * Support for tracing system, setuid, setgid, setfsuid, setfsgid syscalls * Support for tracing setreuid, setregid, setresuid, setresguid syscalls * Added profiles for transmission-gtk and transmission-qt * bugfixes -- netblue30 Fri, 25 Dec 2014 10:00:00 -0500 firejail (0.9.16) baseline; urgency=low * Configurable private home directory * Configurable default user shell * Software configuration support for --docdir and DESTDIR * Profile file support for include, caps, seccomp and private keywords * Dropbox profile file * Linux capabilities and seccomp filters enabled by default for Firefox, Midori, Evince and Dropbox * bugfixes -- netblue30 Tue, 4 Nov 2014 10:00:00 -0500 firejail (0.9.14) baseline; urgency=low * Linux capabilities and seccomp filters are automatically enabled in chroot mode (--chroot option) if the sandbox is started as regular user * Added support for user defined seccomp blacklists * Added syscall trace support * Added --tmpfs option * Added --balcklist option * Added --read-only option * Added --bind option * Logging enhancements * --overlay option was reactivated * Added firemon support to print the ARP table for each sandbox * Added firemon support to print the route table for each sandbox * Added firemon support to print interface information for each sandbox * bugfixes -- netblue30 Tue, 15 Oct 2014 10:00:00 -0500 firejail (0.9.12.2) baseline; urgency=low * Fix for pulseaudio problems * --overlay option was temporarily disabled in this build -- netblue30 Mon, 29 Sept 2014 07:00:00 -0500 firejail (0.9.12.1) baseline; urgency=low * Fix for pulseaudio problems * --overlay option was temporarily disabled in this build -- netblue30 Mon, 22 Sept 2014 09:00:00 -0500 firejail (0.9.12) baseline; urgency=low * Added capabilities support * Added support for CentOS 7 * bugfixes -- netblue30 Mon, 15 Sept 2014 10:00:00 -0500 firejail (0.9.10) baseline; urgency=low * Disable /proc/kcore, /proc/kallsyms, /dev/port, /boot * Fixed --top option CPU utilization calculation * Implemented --tree option in firejail and firemon * Implemented --join=name option * Implemented --shutdown option * Preserve the current working directory if possible * Cppcheck and clang errors cleanup * Added a Chromium web browser profile -- netblue30 Thu, 28 Aug 2014 07:00:00 -0500 firejail (0.9.8.1) baseline; urgency=low * FIxed a number of bugs introduced in 0.9.8 -- netblue30 Fri, 25 Jul 2014 07:25:00 -0500 firejail (0.9.8) baseline; urgency=low * Implemented nowrap mode for firejail --list command option * Added --top option in both firejail and firemon * seccomp filter support * Added pid support for firemon * bugfixes -- netblue30 Tue, 24 Jul 2014 08:51:00 -0500 firejail (0.9.6) baseline; urgency=low * Mounting tmpfs on top of /var/log, required by several server programs * Server fixes for /var/lib and /var/cache * Private mode fixes * csh and zsh default shell support * Chroot mode fixes * Added support for lighttpd, isc-dhcp-server, apache2, nginx, snmpd, -- netblue30 Sat, 7 Jun 2014 09:00:00 -0500 firejail (0.9.4) baseline; urgency=low * Fixed resolv.conf on Ubuntu systems using DHCP * Fixed resolv.conf on Debian systems using resolvconf package * Fixed /var/lock directory * Fixed /var/tmp directory * Fixed symbolic links in profile files * Added profiles for evince, midori -- netblue30 Sun, 4 May 2014 08:00:00 -0500 firejail (0.9.2) baseline; urgency=low * Checking IP address passed with --ip option using ARP; exit if the address is already present * Using a lock file during ARP address assignment in order to removed a race condition. * Several fixes to --private option; it also mounts a tmpfs filesystem on top of /tmp * Added user access check for profile file * Added --defaultgw option * Added support of --noip option; it is necessary for DHCP setups * Added syslog support * Added support for "tmpfs" and "read-only" profile commands * Added an expect-based testing framework for the project * Added bash completion support * Added support for multiple networks -- netblue30 Fri, 25 Apr 2014 08:00:00 -0500 firejail (0.9) baseline; urgency=low * First beta version -- netblue30 Sat, 12 Apr 2014 09:00:00 -0500