Major changes in 0.4.5 ====================== * Support signing commits in build-export * Correctly handle symlinks in host root when app has host-fs access * Always regenerate summary after build-export * Make uninstall a bit more robust * Install the dbus introspection files * Add human readable size to build-export report * Add /dev/ptmx symlink in app * Fix apps not getting SIGCHILD * Only expose minimal /etc/[passwd|group] in app Major changes in 0.4.4 ====================== * Fix race condition in fuse fs * Don't save uid/gid/xattrs in build-export * run: Handle existing mounts with spaces in them * propagate xauth cookies to sandbox Major changes in 0.4.3 ====================== * Build with older ostree * Add --nofilesystem flag to e.g. xdg-app run * Add xdg-app dump-runtime command Major changes in 0.4.2.1 ====================== * Fix dbus proxy Major changes in 0.4.2 ====================== * Fix build with older versions of glib * Fix regression in filesystem access configuration * Make seccomp use optional (for arches without it) * Add xdg-app enter command to enter a running sandbox * Fix /var/cache being readonly * Add /var/data and /var/config shortcuts for per-app data * Minor fixes to bash completion Major changes in 0.4.1 ====================== * Fixed a parallel build issue * Fixed a build issue where openat() didn't get a mode passed * Don't block ptrace and perf in debug and build runs * Put nvidia drivers in sandbox if DRI allowed * Support specifying a version for runtime extensions Major changes in 0.4.0 ====================== * A new permissions store was added to the dbus api. This can be used by portal implementations that want to store per-app permissions for objects. * The document portal was added. This is a dbus api which you can use to create document ids and assign apps permissions to see these documents. The documents themselves are accessed via a custom fuse filesystem. * perf and strace are now blocked via the seccomp filters * You can now override application metadata on a system and per-user level, giving apps more or less access than what they request. * New command modify-remote added which lets you change configuration of a remote after it has been added with add-remote. * Support for adding trusted gpg keys on a per-remote basis has been added to add-remote and modify-remote. * The repo-contents command has been renamed to ls-remote to better match the other commands. * The list-remotes command can now show more information about the remotes. * The bash completion implementation has been improved. Major changes in 0.3.6 ====================== * Fix a typo in the socket seccomp rules that made ipv6 not work * Export the users fonts (~/.local/share/fonts or ~/.fonts) in the sandbox * Fix seccomp rules to work on i386 * Make exposing xdg user dirs work right