firejail-bash-completion-0.9.66-bp154.1.22 >  A bx!M@eeej{4++/bes%d1 ›.422`倆NP$jpj<(3?bk|1/BZXjk{@hx}+IZoRmۍz$<Gܕ>΋njFXRCa3u,:;/pF{,zL8Cu֖=TyD_V-?9O)e_BKFQGKP{[t<>l2~d8739a7f13e8b47b55ae377a0487fb009933429968437113a4430f527b9d1ece0282b148fe59d34f28356eea9041424002876ce9,bx!M@eeeACD2 NX# u;QkTГ R,sP*{q9T6skxzw&(ށݫc䍑~M &W+$tzR^`BJٌ@'[38PK+rk!%1K|N.7+nzG#䫌'q= =wad\)/!i1['o/,sܺ[W 5YtA~n2ucjUJX2w]e3p"?$F S6<-U>p>k ?kd" - F 8 F T p w $`x(8 9:FgGgHgIgXgYh\h$]h@^hbi)cidj<ejAfjDljFujXvjtzjjjjjjjk Cfirejail-bash-completion0.9.66bp154.1.22Firejail Bash completionOptional dependency offering bash completion for firejailbxold-atreju2QSUSE Linux Enterprise 15 SP4openSUSEGPL-2.0-onlyhttps://bugs.opensuse.orgSystem/Shellshttps://firejail.wordpress.comlinuxx86_64 ;*AA큤A큤bxbxbxbxbxbx`5ac3dd28dedc732c8a333bc5fb99249f4c17ed66e50bf9f41f9b612e131541e3a5b69a55110c8f54b3947032f17f4d7220118f92430d89eed3520947c78c6ae2356c63967945f435cf299ba2dc32a5186a9defa311baac03f66a9d224939911381688a796b2f7a4f9a2416182982baa4d9cd585364934c531a8b525208305f37rootrootrootrootrootrootrootrootrootrootrootrootrootrootfirejail-0.9.66-bp154.1.22.src.rpmfirejail-bash-completionfirejail-bash-completion(x86-64)    bash-completionfirejailrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)0.9.663.0.4-14.6.0-14.0-15.2-14.14.3``@`@__@_@_=@_5+@_.^l@^B@\@\T4[.[@[\[~Z1@YY@X|Xn5@X@WSWXW;Andreas Stieger Илья Индиго Илья Индиго Sebastian Wagner Sebastian Wagner Christian Boltz Paolo Stivanin Paolo Stivanin Sebastian Wagner Michael Vetter Marcus Rueckert Sebastian Wagner info@paolostivanin.comSebastian Wagner Markos Chandras Markos Chandras sebix+novell.com@sebix.atavindra@opensuse.orgaavindraa@gmail.comtiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.detiwai@suse.de- firejail 0.9.66: * deprecated --audit options, relpaced by jailcheck utility * deprecated follow-symlink-as-user from firejail.config * new firejail.config settings: private-bin, private-etc * new firejail.config settings: private-opt, private-srv * new firejail.config settings: whitelist-disable-topdir * new firejail.config settings: seccomp-filter-add * removed kcmp syscall from seccomp default filter * rename --noautopulse to keep-config-pulse * filtering environment variables * zsh completion * command line: --mkdir, --mkfile * --protocol now accumulates * jailtest utility for testing running sandboxes * faccessat2 syscall support * --private-dev keeps /dev/input * added --noinput to disable /dev/input * add support for subdirs in --private-etc * subdirs support in private-etc * input devices support in private-dev, --no-input * support trailing comments on profile lines * many new profiles - split shell completion into standard subpackages- Update to 0.9.64.4: * disabled overlayfs, pending multiple fixes * fixed launch firefox for open url in telegram-desktop.profile- Update to 0.9.64.2: * allow --tmpfs inside $HOME for unprivileged users * --disable-usertmpfs compile time option * allow AF_BLUETOOTH via --protocol=bluetooth * setup guide for new users: contrib/firejail-welcome.sh * implement netns in profiles * added nolocal6.net IPv6 network filter * new profiles: spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, npm, marker, yarn, lsar, unar, agetpkg, mdr, shotwell, qnapi, new profiles: guvcview, pkglog, kdiff3, CoyIM.- packaging fixes- Update to version 0.9.64: * replaced --nowrap option with --wrap in firemon * The blocking action of seccomp filters has been changed from killing the process to returning EPERM to the caller. To get the previous behaviour, use --seccomp-error-action=kill or syscall:kill syntax when constructing filters, or override in /etc/firejail/firejail.config file. * Fine-grained D-Bus sandboxing with xdg-dbus-proxy. xdg-dbus-proxy must be installed, if not D-Bus access will be allowed. With this version nodbus is deprecated, in favor of dbus-user none and dbus-system none and will be removed in a future version. * DHCP client support * firecfg only fix dektop-files if started with sudo * SELinux labeling support * custom 32-bit seccomp filter support * restrict ${RUNUSER} in several profiles * blacklist shells such as bash in several profiles * whitelist globbing * mkdir and mkfile support for /run/user directory * support ignore for include * --include on the command line * splitting up media players whitelists in whitelist-players.inc * new condition: HAS_NOSOUND * new profiles: gfeeds, firefox-x11, tvbrowser, rtv, clipgrab, muraster * new profiles: gnome-passwordsafe, bibtex, gummi, latex, mupdf-x11-curl * new profiles: pdflatex, tex, wpp, wpspdf, wps, et, multimc, mupdf-x11 * new profiles: gnome-hexgl, com.github.johnfactotum.Foliate, mupdf-gl, mutool * new profiles: desktopeditors, impressive, planmaker18, planmaker18free * new profiles: presentations18, presentations18free, textmaker18, teams * new profiles: textmaker18free, xournal, gnome-screenshot, ripperX * new profiles: sound-juicer, com.github.dahenson.agenda, gnome-pomodoro * new profiles: gnome-todo, x2goclient, iagno, kmplayer, penguin-command * new profiles: frogatto, gnome-mines, gnome-nibbles, lightsoff, warmux * new profiles: ts3client_runscript.sh, ferdi, abiword, four-in-a-row * new profiles: gnome-mahjongg, gnome-robots, gnome-sudoku, gnome-taquin * new profiles: gnome-tetravex, blobwars, gravity-beams-and-evaporating-stars * new profiles: hyperrogue, jumpnbump-menu, jumpnbump, magicor, mindless * new profiles: mirrormagic, mrrescue, scorched3d-wrapper, scorchwentbonkers * new profiles: seahorse-adventures, wordwarvi, xbill, gnome-klotski * new profiles: swell-foop, fdns, five-or-more, steam-runtime * new profiles: nicotine, plv, mocp, apostrophe, quadrapassel, dino-im * new profiles: hitori, bijiben, gnote, gnubik, ZeGrapher, xonotic-sdl-wrapper * new profiles: gapplication, openarena_ded, element-desktop, cawbird * new profiles: freetube, strawberry, jitsi-meet-desktop * new profiles: homebank, mattermost-desktop, newsflash, com.gitlab.newsflash * new profiles: sushi, xfce4-screenshooter, org.gnome.NautilusPreviewer, lyx * new profiles: minitube, nuclear, mtpaint, minecraft-launcher, gnome-calendar * new profiles: vmware, git-cola, otter-browser, kazam, menulibre, musictube * new profiles: onboard, fractal, mirage, quaternion, spectral, man, psi * new profiles: smuxi-frontend-gnome, balsa, kube, trojita, youtube * new profiles: youtubemusic-nativefier, cola, dbus-send, notify-send * new profiles: qrencode, ytmdesktop, twitch * new profiles: xournalpp, chromium-freeworld, equalx - remove firejail-0.9.62-fix-usr-etc.patch, included upstream - remove firejail-apparmor-3.0.diff, included upstream- Add firejail-apparmor-3.0.diff to make the AppArmor profile compatible with AppArmor 3.0 (add missing include )- Update to 0.9.62.4 * fix AppArmor broken in the previous release * miscellaneous fixes- Update to 0.9.62.2 * fix CVE-2020-17367 * fix CVE-2020-17368 * additional hardening and bug fixes - Remove fix-CVE-2020-17368.patch - Remove fix-CVE-2020-17367.patch- Add patches fix-CVE-2020-17367.patch and fix-CVE-2020-17368.patch to fix CVE-2020-17367 and CVE-2020-17368 and boo#1174986- Add firejail-0.9.62-fix-usr-etc.patch: Check /usr/etc not just /etc - Replace python interpreter line in sort.py- update to version 0.9.62 * added file-copy-limit in /etc/firejail/firejail.config * profile templates (/usr/share/doc/firejail) * allow-debuggers support in profiles * several seccomp enhancements * compiler flags autodetection * move chroot entirely from path based to file descriptor based mounts * whitelisting /usr/share in a large number of profiles * new scripts in conrib: gdb-firejail.sh and sort.py * enhancement: whitelist /usr/share in some profiles * added signal mediation to apparmor profile * new conditions: HAS_X11, HAS_NET * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder * new profiles: godot, tcpdump, tshark, newsbeuter, keepassxc-cli * new profiles: keepassxc-proxy, rhythmbox-client, jerry, zeal, mpg123 * new profiles: conplay, mpg123.bin, mpg123-alsa, mpg123-id3dump, out123 * new profiles: mpg123-jack, mpg123-nas, mpg123-openal, mpg123-oss * new profiles: mpg123-portaudio, mpg123-pulse, mpg123-strip, pavucontrol-qt * new profiles: gnome-characters, gnome-character-map, rsync, Whalebird, * new profiles: tor-browser (AUR), Zulip, tb-starter-wrapper, bzcat, * new profiles: kiwix-desktop, bzcat, zstd, pzstd, zstdcat, zstdgrep, zstdless * new profiles: zstdmt, unzstd, i2p, ar, gnome-latex, pngquant, kalgebra * new profiles: kalgebramobile, signal-cli, amuled, kfind, profanity * new profiles: audio-recorder, cameramonitor, ddgtk, drawio, unf, gmpc * new profiles: electron-mail, gist, gist-paste- update to version 0.9.60: * security bug reported by Austin Morton: Seccomp filters are copied into /run/firejail/mnt, and are writable within the jail. A malicious process can modify files from inside the jail. Processes that are later joined to the jail will not have seccomp filters applied. CVE-2019-12589 boo#1137139 * memory-deny-write-execute now also blocks memfd_create * add private-cwd option to control working directory within jail * blocking system D-Bus socket with --nodbus * bringing back Centos 6 support * drop support for flatpak/snap packages * new profiles: crow, nyx, mypaint, celluoid, nano, transgui, mpdris2 * new profiles: sysprof, simplescreenrecorder, geekbench, xfce4-mixer * new profiles: pavucontrol, d-feet, seahorse, secret-tool, gnome-keyring * new profiles: regextester, hardinfo, gnome-system-log, gnome-nettool * new profiles: netactview, redshift, devhelp, assogiate, subdownloader * new profiles: font-manager, exfalso, gconf-editor, dconf-editor * new profiles: sysprof-cli, seahorse-tool, secret-tool, dconf, gsettings * new profiles: code-oss, pragha, Maelstrom, ostrichriders, bzflag * new profiles: freeciv, lincity-ng, megaglest, openttd, crawl, crawl-tiles * new profiles: teeworlds, torcs, tremulous, warsow, lugaru, manaplus * new profiles: pioneer, scorched3d, widelands, freemind, kid3, kid3-qt * new profiles: kid3-cli, nomacs, freecol, opencity, openclonk, slashem * new profiles: vultureseye, vulturesclaw, anki, cheese, utox, mp3splt * new profiles: oggsplt, flacsplt, gramps, newsboat, freeoffice-planmaker * new profiles: autokey-gtk, autokey-qt, autokey-run, autokey-shell * new profiles: freeoffice-presentations, freeoffice-textmaker, mp3wrap * new profiles: inkview, meteo-qt, mp3splt-gtk, ktouch, yelp, cantata- update to version 0.9.58: * --disable-mnt rework * --net.print command * GitLab CI/CD integration: disto specific builds * profile parser enhancements and conditional handling support for HAS_APPIMAGE, HAS_NODBUS, BROWSER_DISABLE_U2F * profile name support * added explicit nonewprivs support to join option * new profiles: QMediathekView, aria2c, Authenticator, checkbashisms * new profiles: devilspie, devilspie2, easystroke, github-desktop, min * new profiles: bsdcat, bsdcpio, bsdtar, lzmadec, lbunzip2, lbzcat * new profiles: lbzip2, lzcat, lzcmp, lzdiff, lzegrep, lzfgrep, lzgrep * new profiles: lzless, lzma, lzmainfo, lzmore, unlzma, unxz, xzcat * new profiles: xzcmp, xzdiff, xzegrep, xzfgrep, xzgrep, xzless, xzmore * new profiles: lzip, artha, nitroshare, nitroshare-cli, nitroshare-nmh * new profiles: nirtoshare-send, nitroshare-ui, mencoder, gnome-pie * new profiles: masterpdfeditor, QOwnNotes, aisleriot, Mendeley * new profiles: feedreader, ocenaudio, mpsyt, thunderbird-wayland * new profiles: supertuxkart, ghostwriter, gajim-history-manager * bugfixes- update to version 0.9.56: * modif: removed CFG_CHROOT_DESKTOP configuration option * modif: removed compile time --enable-network=restricted * modif: removed compile time --disable-bind * modif: --net=none allowed even if networking was disabled at compile time or at run time * modif: allow system users to run the sandbox * support wireless devices in --net option * support tap devices in --net option (tunneling support) * allow IP address configuration if the parent interface specified by --net is not configured (--netmask) * support for firetunnel utility * disable U2F devices (--nou2f) * add --private-cache to support private ~/.cache * support full paths in private-lib * globbing support in private-lib * support for local user directories in firecfg (--bindir) * new profiles: ms-excel, ms-office, ms-onenote, ms-outlook, ms-powerpoint, * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois, * new profiles: jdownloader, Fluxbox, Blackbox, Awesome, i3 * new profiles: start-tor-browser.desktop- Drop ldconfig calls since firejail libraries are installed in their own subdirectory which is not scanned by ldconfig.- Remove the rpmlintrc file since the warnings are no longer relevant.- Changed the permissions of the firejail executable to 4750. Setuid mode is used, but only allowed for users in the newly created group 'firejail' (boo#1059013). - Update to version 0.9.54: * modif: --force removed * modif: --csh, --zsh removed * modif: --debug-check-filename removed * modif: --git-install and --git-uninstall removed * modif: support for private-bin, private-lib and shell none has been disabled while running AppImage archives in order to be able to use our regular profile files with AppImages. * modif: restrictions for /proc, /sys and /run/user directories are moved from AppArmor profile into firejail executable * modif: unifying Chromium and Firefox browsers profiles. All users of Firefox-based browsers who use addons and plugins that read/write from ${HOME} will need to uncomment the includes for firefox-common-addons.inc in firefox-common.profile. * modif: split disable-devel.inc into disable-devel and disable-interpreters.inc * Firejail user access database (/etc/firejail/firejail.users, man firejail-users) * add --noautopulse to disable automatic ~/.config/pulse (for complex setups) * Spectre mitigation patch for gcc and clang compiler * D-Bus handling (--nodbus) * AppArmor support for overlayfs and chroot sandboxes * AppArmor support for AppImages * Enable AppArmor by default for a large number of programs * firejail --apparmor.print option * firemon --apparmor option * apparmor yes/no flag in /etc/firejail/firejail.config * seccomp syscall list update for glibc 2.26-10 * seccomp disassembler for --seccomp.print option * seccomp machine code optimizer for default seccomp filters * IPv6 DNS support * whitelist support for overlay and chroot sandboxes * private-dev support for overlay and chroot sandboxes * private-tmp support for overlay and chroot sandboxes * added sandbox name support in firemon * firemon/prctl enhancements * noblacklist support for /sys/module directory * whitelist support for /sys/module directory * new profiles: basilisk, Tor Browser language packs, PlayOnLinux, sylpheed, * new profiles: discord-canary, pycharm-community, pycharm-professional, * new profiles: pdfchain, tilp, vivaldi-snapshot, bitcoin-qt, kaffeine, * new profiles: falkon, gnome-builder, asunder, VS Code, gnome-recipes, * new profiles: akonadi_controle, evince-previewer, evince-thumbnailer, * new profiles: blender-2.8, thunderbird-beta, ncdu, gnome-logs, gcloud, * new profiles: musixmatch, gunzip, bunzip2, enchant-lsmod, enchant-lsmod-2, * new profiles: enchant, enchant-2, Discord, acat, adiff, als, apack, * new profiles: arepack, aunpack profiles, ppsspp, scallion, clion, * new profiles: baloo_filemetadata_temp_extractor, AnyDesk, webstorm, xmind, * new profiles: qmmp, sayonara- Update to version 0.9.52: * New features + systemd-resolved integration + whitelisted /var in most profiles + GTK2, GTK3 and Qt4 private-lib support + --debug-private-lib + test deployment of private-lib for the some apps: evince, galculator, gnome-calculator, leafpad, mousepad, transmission-gtk, xcalc, xmr-stak-cpu, atril, mate-color-select, tar, file, strings, gpicview, eom, eog, gedit, pluma + netfilter template support + various new arguments * --writable-run-user * --rlimit-as * --rlimit-cpu * --timeout * --build (profile build tool) * --netfilter.print * --netfilter6.print * deprecations in modif + --allow-private-blacklists (blacklisting, read-only, read-write, tmpfs and noexec are allowed in private home directories + remount-proc-sys (firejail.config) + follow-symlink-private-bin (firejail.config) + --profile-path * enhancements + support Firejail user config directory in firecfg + disable DBus activation in firecfg + enumerate root directories in apparmor profile + /etc and /usr/share whitelisting support + globbing support for --private-bin * new profiles: upstreamed profiles from 3 sources: + https://github.com/chiraag-nataraj/firejail-profiles + https://github.com/nyancat18/fe + https://aur.archlinux.org/packages/firejail-profiles * new profiles: terasology, surf, rocketchat, clamscan, clamdscan, clamdtop, freshclam, xmr-stak-cpu, amule, ardour4, ardour5, brackets, calligra, calligraauthor, calligraconverter, calligraflow, calligraplan, calligraplanwork, calligrasheets, calligrastage, calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-earth,imagej, karbon, 1kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron, ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish, cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring, xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass, kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report cower (Arch), kdeinit4 - Add full link to source tarball from sourceforge - Add asc file- Update to version 0.9.50: * New features: - per-profile disable-mnt (--disable-mnt) - per-profile support to set X11 Xephyr screen size (--xephyr-screen) - private /lib directory (--private-lib) - disable CDROM/DVD drive (--nodvd) - disable DVB devices (--notv) - --profile.print * modif: --output split in two commands, --output and --output-stderr * set xpra-attach yes in /etc/firejail/firejail.config * Enhancements: - print all seccomp filters under --debug - /proc/sys mounting - rework IP address assingment for --net options - support for newer Xpra versions (2.1+) - - all profiles use a standard layout style - create /usr/local for firecfg if the directory doesn't exist - allow full paths in --private-bin * New seccomp features: - --memory-deny-write-execute - seccomp post-exec - block secondary architecture (--seccomp.block_secondary) - seccomp syscall groups - print all seccomp filters under --debug - default seccomp list update * new profiles: curl, mplayer2, SMPlayer, Calibre, ebook-viewer, KWrite, Geary, Liferea, peek, silentarmy, IntelliJ IDEA, Android Studio, electron, riot-web, Extreme Tux Racer, Frozen Bubble, Open Invaders, Pingus, Simutrans, SuperTux telegram-desktop, arm, rambox, apktool, baobab, dex2jar, gitg, hashcat, obs, picard, remmina, sdat2img, soundconverter truecraft, gnome-twitch, tuxguitar, musescore, neverball sqlitebrowse, Yandex Browser, minetest- Update to version 0.9.48: * modifs: whitelisted Transmission, Deluge, qBitTorrent, KTorrent; please use ~/Downloads directory for saving files * modifs: AppArmor made optional; a warning is printed on the screen if the sandbox fails to load the AppArmor profile * feature: --novideo * feature: drop discretionary access control capabilities for root sandboxes * feature: added /etc/firejail/globals.local for global customizations * feature: profile support in overlayfs mode * new profiles: vym, darktable, Waterfox, digiKam, Catfish, HandBrake * bugfixes- Update to version 0.9.44.4: * --bandwidth root shell found by Martin Carpenter (CVE-2017-5207) * disabled --allow-debuggers when running on kernel versions prior to 4.8; a kernel bug in ptrace system call allows a full bypass of seccomp filter; problem reported by Lizzie Dixon (CVE-2017-5206) * root exploit found by Sebastian Krahmer (CVE-2017-5180) - Update to version 0.9.44.6: * new fix for CVE-2017-5180 reported by Sebastian Krahmer last week * major cleanup of file copying code * tightening the rules for --chroot and --overlay features * ported Gentoo compile patch * Nvidia drivers bug in --private-dev * fix ASSERT_PERMS_FD macro * allow local customization using .local files under /etc/firejail backported from our development branch * spoof machine-id backported from our development branch - Remove obsoleted patches: firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch- Update to version 0.9.44.2: Security fixes: * overwrite /etc/resolv.conf found by Martin Carpenter * TOCTOU exploit for –get and –put found by Daniel Hodson * invalid environment exploit found by Martin Carpenter * several security enhancements Bugfixes: * crashing VLC by pressing Ctrl-O * use user configured icons in KDE * mkdir and mkfile are not applied to private directories * cannot open files on Deluge running under KDE * –private=dir where dir is the user home directory * cannot start Vivaldi browser * cannot start mupdf * ssh profile problems * –quiet * quiet in git profile * memory corruption - Fix VUL-0: local root exploit (CVE-2017-5180,bsc#1018259): firejail-CVE-2017-5180-fix1.patch firejail-CVE-2017-5180-fix2.patch- Update to version 0.9.44: * CVE-2016-7545 submitted by Aleksey Manevich Modifications: * removed man firejail-config * –private-tmp whitelists /tmp/.X11-unix directory * Nvidia drivers added to –private-dev * /srv supported by –whitelist New features: * allow user access to /sys/fs (–noblacklist=/sys/fs) * support starting/joining sandbox is a single command (–join-or-start) * X11 detection support for –audit * assign a name to the interface connected to the bridge (–veth-name) * all user home directories are visible (–allusers) * add files to sandbox container (–put) * blocking x11 (–x11=block) * X11 security extension (–x11=xorg) * disable 3D hardware acceleration (–no3d) * x11 xpra, x11 xephyr, x11 block, allusers, no3d profile commands * move files in sandbox (–put) * accept wildcard patterns in user name field of restricted shell login feature New profiles: * qpdfview, mupdf, Luminance HDR, Synfig Studio, Gimp, Inkscape * feh, ranger, zathura, 7z, keepass, keepassx, * claws-mail, mutt, git, emacs, vim, xpdf, VirtualBox, OpenShot * Flowblade, Eye of GNOME (eog), Evolution- Update to version 0.9.42: Security fixes: * –whitelist deleted files * disable x32 ABI in seccomp * tighten –chroot * terminal sandbox escape * several TOCTOU fixes Behavior changes: * bringing back –private-home option * deprecated –user option, please use “sudo -u username firejail” * allow symlinks in home directory for –whitelist option * Firejail prompt is enabled by env variable FIREJAIL_PROMPT=”yes” * recursive mkdir * include /dev/snd in –private-dev * seccomp filter update * release archives moved to .xz format New features: * AppImage support (–appimage) * AppArmor support (–apparmor) * Ubuntu snap support (/etc/firejail/snap.profile) * Sandbox auditing support (–audit) * remove environment variable (–rmenv) * noexec support (–noexec) * clean local overlay storage directory (–overlay-clean) * store and reuse overlay (–overlay-named) * allow debugging inside the sandbox with gdb and strace (–allow-debuggers) * mkfile profile command * quiet profile command * x11 profile command * option to fix desktop files (firecfg –fix) Build options: * Busybox support (–enable-busybox-workaround) * disable overlayfs (–disable-overlayfs) * disable whitlisting (–disable-whitelist) * disable global config (–disable-globalcfg) Runtime options: * enable/disable overlayfs (overlayfs yes/no) * enable/disable quiet as default (quiet-by-default yes/no) * user-defined network filter (netfilter-default) * enable/disable whitelisting (whitelist yes/no) * enable/disable remounting of /proc and /sys (remount-proc-sys yes/no) * enable/disable chroot desktop features (chroot-desktop yes/no) New/updated profiels: * Gitter, gThumb, mpv, Franz messenger, LibreOffice * pix, audacity, xz, xzdec, gzip, cpio, less * Atom Beta, Atom, jitsi, eom, uudeview * tar (gtar), unzip, unrar, file, skypeforlinux, * inox, Slack, gnome-chess. Gajim IM client, DOSBox - Enable apparmor support- Update to version 0.9.40: * Added firecfg utility * New options: -nice, -cpu.print, -writable-etc, -writable-var, - read-only * X11 support: -x11 option (-x11=xpra, -x11=xephr) * Filetransfer options: –ls and –get * Added mkdir, ipc-namespace, and nosound profile commands * added net, ip, defaultgw, ip6, mac, mtu and iprange profile commands * Run time config support, man firejail-config * AppArmor fixes * Default seccomp filter update * Disable STUN/WebRTC in default netfilter configuration * Lots of new profiles- initial package: 0.9.38old-atreju2 16520875130.9.66-bp154.1.220.9.66-bp154.1.22bash-completioncompletionsfirecfgfirejailfiremonfirejail-bash-completionCOPYING/usr/share//usr/share/bash-completion//usr/share/bash-completion/completions//usr/share/licenses//usr/share/licenses/firejail-bash-completion/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Backports:SLE-15-SP4/standard/2e149640fa06eaafc5698727a83a294f-firejailcpioxz5x86_64-suse-linuxdirectoryASCII text9ܗҀm},c ! !6g-/♼3QK^LTז֫_=p*&1Z\#J }% BABGF [Z*1T> ރ!^T!em|1` -1$ <~&k,C&by?NF" n&!^Us c/ o4tqv9^H\^>o5Q[8špOH ͆3,TiyfEz /6ޠq; n ryђpпfڌ6UJL=lajr ѳ"TY98QYY Gt?8σMU'Hm_Ad<)5GKReWDT)͂E0U0SuܰkD)'MMB~>gSK@ =\]•W8 WfxdYקQ.GT6cTx8|-62Vv~BWT:: _Ip?J`wZ_gpx?z# >(Cěns,Әl! j7xF.bXvvIR(!9i=1,|ad2H(7?JX7 M}.\%7yoq:P]5MToctb8^LI[Uǽ&Q - e 6\mLN*d1qQP`V/ǎ17] :]Kx F7LtDQC9UZJF{]䊽g ebc6!t8Lda _ֺǂ8kH.Y}Jq{پ8[og@y@p1[>+B fRau!5cX%T7͝TV ɍk$vC^+"TnYgPeJ`*sQbPɦ&o3)Eh7ψϨLfOHhz;\WϡC‹ >Òpyc&' 1lOI%B( 5ƙٲX"BAIuzfº#"9QA 8n(G2)A Cx]C61ZL@ 0W !@5MbPS#R:V쥫]s:u5T AE?۝[{#mN> vXOsʓEEZmo,,n>G3|wm7]1Cz#נA@* x9l۬ @U C!]imGr.0^&-TנE;_bʛߋScnqb{7ѥsqo;d/4Z2'8񐳳,.R4|E'FR"{NaoPy%E&U"G c=@McNj..D0A:ӄԌAyotæ5;lb.5{V˻yP$XQ½/ZKw -tKX6Hr8l*yBAt P$HJzz:{l4mc;~ A=hx奫'v[d>i築J'v.vۦgN˝pԕ"azB/>S_HGUݽ2Ӂ$.q7mK z{J[wkv !-?SY׸z Au]*xܺԊs8͛PVQ9%^@J$)=Xs׺?՜rvm#= F5X5D2﵊m4ہ_"%:!lJqf;זy>ֻ­=d jh- ٱ3m%O8,L4t"q綃ijD{l!Q:)N7%7E0>zcWZ˃K஖ݙgԐX-L.>EArGV8O(/~n"6Gۼ%IcbǀCqھDžޑfش$H8fݴ6ELf2d9Ibu]u}#Xvv ~ݩon~ [ݘV\@{jc[NC!_ N2Ʃ9]7ͨzImOЎ]ʌ{[-߬/V/ihWJӦ=S$ d}͕5t ̎Xs4& 1ƅ"X9E"TC$I] *rMR:ӲH  H+rz)/ ֜f#`)w"U};@V6aUS@pJ~7ol`&:W/Cƚ92Ņ,GR&P`Ta̲InZ 7 uTFGٻe&b_4i#͞ N}/Cf4SlЍg]s?UX"* z\4 A_iKǔǣ9 +"?M,~[' b~ 'SZSPViZsi'ݺ;bwFfyũP>#s1ViYL髙L}!!cYhYNFg6F,3{[FE`oqc;7t5&]ZwٔVa!"h*tUiZ`3vmk)ޛ]w є#Tp.evhXƎɶW\&K'|`38 s D?}7Vw&UC6Ba>(:˰~8TWGGs/IP`w[A5I'7FD܉z"Z'HAZדh,(0.6cj${_(PGMg%CͼQtBAwױJ߬Lȼ]h?<¤iYҏdbj=]sIX+'l3' q3X/SO]mL s#b:#SR1LDmhb|KwLO.2V1?Dk])-k?4Ϡ6VpfޯX;zz-|(GBAG. e;NVMկ`08`eU#ǸerPǥ7reSL.-=Ƚ{&dO;8 V P57ȭ/,e!Z3:3FIg|w3E \3 M'-E(KPSr:s*OE΃>bƾf'j(:l&@6(gϐf*zfȪc~@Qq[@U9G\H[ܽg +fWo/`z5F zFp>қ ?8I+[Q<j8J`!;zxw\|)$E:Ѭ=f1K^Q_n!C"AC@@.$>_sEIwy)OO9=o=AWXW΀*c2 zenCL}Zʵ&qbm!x ^rbttvٸ2T_xv8&wSʌQǢǹ}<$Sf GAOWTOz>5|0N׍ CQK3pϟ/X[f p6_U]P$P Ii|cze9RՃt(5GX]j}p/d{!lVF׏AM~!dG֦ʎ^Sp<,1g׀0vg!޺秣ZAvV ؟69֧j*u#`g\8n>,ۀ1_`oaI ]= u9(Z J=6;{Ⱥn+?3+Z iWKe<vCNQtAs(c/M?)4p<.+)ZD-FbKDv)h(f:V.o.xXI@PQb' U `\5<7 эmlփ!y7GoYm4@`;'dUAU jjy 0lPnPd@_-1 k+_aS$xy1/z9UU/H+ȑ|ii6c+(+&)SKdhd CXe5az*k\ 5KWQSG'`l/&Cΐ^CTیMrH9H–N~x<iʯis ip(!eƵiԋ@81|LU4!c.dFnA M)vïDdfM':bD-()6;n>TX=Ic/%q^)Uw)]Kw>_ro1RuS'_("gt&$s[m/WT*i4N7o3\z YZ