summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAge
* split out terminal blacklisting in disable-terminals.incLibravatar netblue302016-02-12
|
* seccomp fixesLibravatar netblue302016-02-12
|
* set sandbox nice valueLibravatar netblue302016-02-11
|
* fix problem with relative path in storage_find functionLibravatar netblue302016-02-10
|
* Merge pull request #289 from manevich/patch-2Libravatar netblue302016-02-10
|\ | | | | Fix problem with relative path in storage_find function
| * Fix problem with relative path in storage_find functionLibravatar Aleksey Manevich2016-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | storage_find function fails on relative path, so nothing reported to log when blacklisted file accessed by relative path. This is because CWD is NULL when realpath function called. How to reproduce: touch /home/user/somefile firejail --blacklist=somefile --tracelog cat somefile Solution: keep CWD value and set it before calling realpath. In order to do this: * new wrapper for chdir call, and variable to keep CWD added. * storage_find modified to chdir before calling realpath function. * order of storage_find and orig_* calls in syscall wrappers changed, to prevent error set by calls in storage_find leak outside. * condition for calling realpath changed to include double-slash and path without initial slash.
* | STUN/WebRTC disabled in default netfilter configurationLibravatar netblue302016-02-10
| |
* | STUN/WebRTC disabled in default netfilter configurationLibravatar netblue302016-02-10
| |
* | STUN/WebRTC disabled in default netfilter configurationLibravatar netblue302016-02-10
|/
* whitelisting ~/.pki in Firefox, Crome/Cromium, OperaLibravatar netblue302016-02-09
|
* fixed man firejail-profileLibravatar netblue302016-02-09
|
* chroot testingLibravatar root2016-02-09
|
* chroot testingLibravatar root2016-02-09
|
* isolate command name problemLibravatar netblue302016-02-08
|
* whitelist fixLibravatar netblue302016-02-08
|
* fixed whitelist problemLibravatar netblue302016-02-08
|
* set window titleLibravatar netblue302016-02-08
|
* default seccomp filter updateLibravatar netblue302016-02-08
|
* default seccomp filter updateLibravatar netblue302016-02-08
|
* default seccomp filter updateLibravatar netblue302016-02-08
|
* 0.9.38 released0.9.38Libravatar netblue302016-02-05
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-02
|
* 0.9.38 testingLibravatar netblue302016-02-01
|
* deprecated --private-home featureLibravatar netblue302016-02-01
|
* various fixesLibravatar netblue302016-01-31
|
* various fixesLibravatar netblue302016-01-31
|
* fixed ssh login in firejail shellLibravatar netblue302016-01-31
|
* mupen64plus profileLibravatar netblue302016-01-31
|
* Merge pull request #274 from manevich/patch-1Libravatar netblue302016-01-31
|\ | | | | Make additional vimrc files; .xscreensaver file read only
| * Make additional vimrc, .xscreensaver files read onlyLibravatar Aleksey Manevich2016-01-30
| | | | | | | | Add .gvimrc and _ versions of other files used by vim when no dot-version available. Add .xscreensaver that can be used for arbitrary command execution by setting "textProgram" (instead of default fortune) and screensaver that launches it.
* | Merge pull request #275 from kalegrill/mupen64plusLibravatar netblue302016-01-31
|\ \ | |/ |/| add mupen64plus profile
| * add mupen64plus profileLibravatar Tom Mellor2016-01-30
|/
* Merge pull request #272 from mcarpenter/typosLibravatar netblue302016-01-30
|\ | | | | Typos
| * TyposLibravatar Martin Carpenter2016-01-30
|/
* release 0.9.38-rc1 testing0.9.38-rc1Libravatar netblue2016-01-29
|
* 0.9.38-rc1 testingLibravatar netblue302016-01-29
|
* Centos 6 supportLibravatar netblue302016-01-29
|
* Merge pull request #269 from mcarpenter/sa_family_tLibravatar netblue302016-01-29
|\ | | | | Include <sys/socket.h> for sa_family_t (RHEL 6.6)
| * Include <sys/socket.h> for sa_family_t (RHEL 6.6)Libravatar Martin Carpenter2016-01-29
| |
* | Merge pull request #268 from mcarpenter/cap_syslogLibravatar netblue302016-01-29
|\ \ | | | | | | Fix for systems that don't have CAP_SYSLOG
| * | Fix for systems that don't have CAP_SYSLOGLibravatar Martin Carpenter2016-01-29
| |/ | | | | | | | | | | | | CAP_SYSLOG was retroactively split from CAP_SYSADMIN (Linux kernel commit ce6ada35bdf710d16582cc4869c26722547e6f11). Existing supported systems might not yet have this commit (eg RHEL 6.6) in which case compilation fails.
* | Merge pull request #267 from manevich/patch-1Libravatar netblue302016-01-29
|\ \ | |/ |/| Add alternative location for muttrc
| * Add alternative location for muttrcLibravatar manevich2016-01-29
|/ | | By default mutt looks for ~/.muttrc or ~/.mutt/muttrc files.
* the first protocol list requested takes precedenceLibravatar netblue302016-01-28
|
* Merge pull request #265 from pszxzsd/ugetLibravatar netblue302016-01-27
|\ | | | | remove duplicate include from uGet profile
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-07 10:43:46 +0000