| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
issue #3604
follow-up to a7607e423f3336f67daf2ec296414d55c6740f84
|
|
|
|
|
|
|
|
|
|
|
|
| |
If firejail is the login shell, the SHELL environment variable
is set to the path of the firejail executable. This leads to execution of a
'firejail -l' command, but firejail inside the sandbox does
not know what to do with the -l option and just starts bash without
forwarding this option.
Fix this by not checking $SHELL when guessing which shell should be used.
run_no_sandbox(), which relies on reading the environment, runs before
setting the login_shell variable, and is not affected.
|
|
|
|
|
| |
issue #3784
related commit 4bc92b8fd0a5c22c7d4c6f9323378501c60ff149
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
…on to chromium, remove the nowhlist from min and
its whlist from riot-web.
TODO: remove the 'ignore whitelist /usr/share/chomium' from the most
profiles with it.
|
| |
|
|\
| |
| | |
x11=none: don't fail on abstract socket if netns …
|
| |
| |
| |
| |
| |
| | |
…is used.
fix #3838 -- --x11=none --netns=isolated invalidly errors on the abstract X11 socket being accessible
|
| |
| |
| |
| | |
plus very minor cosmetic improvements
|
| |
| |
| |
| |
| | |
see suggested setup in man 5 firejail-users
also related to issue #3604
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the missing binaries in the DNS section, as suggested by @glitsj16:
https://github.com/netblue30/firejail/pull/3810#issuecomment-742920539
Packages and their relevant binaries:
* bind: dnssec-*
* knot: khost
* unbound: unbound-host
|
|/
|
|
|
|
|
|
|
| |
* limit file system access with comments in archiver-common.inc
* note wording
* Warn against overtightening file system access
Be more explicit about things breaking when archiver profiles are too tight. Thanks for the suggestion by @rusty-snake in #3834.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor electron.profile and electron based programs (1)
* Refactor electron.profile and electron based programs (2)
* Refactor electron.profile and electron based programs (3)
* Refactor electron.profile and electron based programs (4)
* Refactor electron.profile and electron based programs (5)
* Refactor electron.profile and electron based programs (6)
* Refactor electron.profile and electron based programs (7)
* Refactor electron.profile and electron based programs (8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* drop private-bin
* drop private-bin
* drop private-bin
* drop private-bin
* drop private-bin
* disable private-lib in tar.profile
Removing private-bin caused a test to fail - see discussion in https://github.com/netblue30/firejail/pull/3832. Thanks to @reinerh for explaining why I broke things!
|
|
|
|
|
|
|
|
|
|
|
| |
"Portable OpenBSD ksh, based on the Public Domain Korn Shell (pdksh)."
Project page: https://github.com/ibara/oksh
$ pacman -Q oksh
oksh 6.8.1-1
$ pacman -Qlq oksh | grep bin/
/usr/bin/
/usr/bin/oksh
|
|
|
|
|
|
|
| |
* New profiles for alacarte,tootle,photoflare
* Fix dbus
Co-authored-by: kortewegdevries <kortewegdevries@protonmail.ch>
|
|
|
|
|
| |
* fix gzip
* fix tar
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* harden 7z.profile
* harden atool.profile
* harden bsdtar.profile
* harden cpio.profile
* harden gzip.profile
* harden tar.profile
* harden unrar.profile
* harden unzip.profile
* harden xzdec.profile
* harden zstd.profile
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create archiver-common.inc
* add apparmor to archiver-common.inc
* refactor 7z.profile
* refactor ar.profile
* refactor atool.profile
* refactor bsdtar.profile
* refactor cpio.profile
* refactor gzip.profile
* refactor tar.profile
* refactor unrar.profile
* refactor unzip.profile
* refactor xzdec.profile
* refactor zstd.profile
* rewording
* blacklist ${RUNUSER} in archiver-common.inc
Thanks to @rusty-snake for suggesting this.
* drop non-sensical ${RUNUSER}/wayland-* blacklisting in archiver-common.inc
See discussion in https://github.com/netblue30/firejail/pull/3820#discussion_r543523343
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
* drop non-sensical ${RUNUSER}/wayland-* blacklisting
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Rename etc/inc/softmaker-common.inc to etc/profile-m-z/softmaker-common.profile
As per suggestion by @rusty-snake in https://github.com/netblue30/firejail/pull/3819#issuecomment-745244982
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
* softmaker-common.profile name change
|
|
|
| |
Better fix for #3711, see discussion there.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update and rename whitelist-players.inc to whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
* renamed whitelist-player-common.inc
|
|
|
| |
Co-authored-by: fenuks <fenuks>
|
|
|
|
|
|
|
|
|
|
|
| |
* streamline comments
* streamline comments
* streamline comments
* streamline comments
* streamline comments
|
|\
| |
| | |
Create firejail-welcome.s
|
| |
| |
| |
| | |
typos, spelling and other fixes. thanks @reinerh for all these
|
| |
| |
| |
| | |
fix #3797 -- Get ride of all these u2f and drm issues
|
| | |
|
|\ \
| | |
| | | |
Dc add ldns
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
drill(1) from ldns is the first tool suggested on the Arch Wiki for DNS
lookup:
https://wiki.archlinux.org/index.php/Domain_name_resolution#Lookup_utilities
Home page: https://www.nlnetlabs.nl/projects/ldns/about/
$ pacman -Q ldns
ldns 1.7.1-2
$ pacman -Qlq ldns | grep bin
/usr/bin/
/usr/bin/drill
/usr/bin/ldns-chaos
/usr/bin/ldns-compare-zones
/usr/bin/ldns-config
/usr/bin/ldns-dane
/usr/bin/ldns-dpa
/usr/bin/ldns-gen-zone
/usr/bin/ldns-key2ds
/usr/bin/ldns-keyfetcher
/usr/bin/ldns-keygen
/usr/bin/ldns-mx
/usr/bin/ldns-notify
/usr/bin/ldns-nsec3-hash
/usr/bin/ldns-read-zone
/usr/bin/ldns-resolver
/usr/bin/ldns-revoke
/usr/bin/ldns-rrsig
/usr/bin/ldns-signzone
/usr/bin/ldns-test-edns
/usr/bin/ldns-testns
/usr/bin/ldns-update
/usr/bin/ldns-verify-zone
/usr/bin/ldns-version
/usr/bin/ldns-walk
/usr/bin/ldns-zcat
/usr/bin/ldns-zsplit
/usr/bin/ldnsd
|
| |/ |
|
| |
| |
| |
| |
| | |
* add curl HSTS support
* add HSTS support
|
| | |
|
|/
|
|
|
| |
* integrate relevant options into server.profile
* relax mdwe and dbus-system in server.profile
|
| |
|
| |
|
|
|
| |
Fixes #3805.
|
| |
|
| |
|
| |
|