Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-07-25 |
|\ | |||
| * | fix make scan-build for debian 10 and arch | netblue30 | 2019-07-22 |
| | | |||
| * | fix make cppcheck for debian 10 | netblue30 | 2019-07-22 |
| | | |||
| * | snap cleanup - #2865 | netblue30 | 2019-07-22 |
| | | |||
| * | Update syscalls.txt | rusty-snake | 2019-07-22 |
| | | | | | | | | | | | | * remove mincore * add @default without chroot * add @default-nodebuggers without chroot | ||
* | | fix whitelisting for homedirs outside /home | smitsohu | 2019-07-25 |
| | | |||
* | | fix verbosity for non-authorized user | smitsohu | 2019-07-22 |
|/ | | | | | | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non- authorized users. | ||
* | merges | rusty-snake | 2019-07-18 |
| | |||
* | fix gucharmap & add gnome-characters, gnome-character-map | rusty-snake | 2019-07-18 |
| | |||
* | use allow-debuggers in spectre-meltdown-checker | rusty-snake | 2019-07-18 |
| | |||
* | Harden gnome-schedule | glitsj16 | 2019-07-18 |
| | | | Let's disable using a terminal for cron job testing by default and make this a whitelist profile. | ||
* | travis ci: add enable-fatal-warnings | smitsohu | 2019-07-18 |
| | |||
* | document profile support for allow-debuggers in firejail-profile man page ↵ | Sebastian Hafner | 2019-07-17 |
| | | | | (#2861) | ||
* | faudit: fix gcc stringop-truncation warning | smitsohu | 2019-07-17 |
| | |||
* | packaging badge | netblue30 | 2019-07-16 |
| | |||
* | apparmor: minor improvements | Vincent43 | 2019-07-16 |
| | | | | | | | Use @{PID} consistently. Remove 'deny /proc/** w,' suggestion as it will break all whitelisted entries. | ||
* | check for dir existence before private-* mount | smitsohu | 2019-07-16 |
| | | | fixes #2859 | ||
* | profile support for allow-debuggers (#2856) | Sebastian Hafner | 2019-07-15 |
| | |||
* | apparmor: allow writing to /proc/@{PID}/comm | Vincent43 | 2019-07-14 |
| | | | | | | This is needed by various electron apps, see: https://github.com/netblue30/firejail/issues/2538 https://github.com/netblue30/firejail/issues/2854 | ||
* | homedirs: turn "informational error" into warning | smitsohu | 2019-07-14 |
| | |||
* | don't allow root directory as home | smitsohu | 2019-07-14 |
| | |||
* | Merge pull request #2858 from veloute/sn-fix | veloute | 2019-07-13 |
|\ | | | | | fix seccomp issues with standardnotes-desktop. see issue #2854 | ||
| * | issues with electron-based apps. see issue #2854 | veloute | 2019-07-13 |
|/ | |||
* | update version table | Reiner Herrmann | 2019-07-13 |
| | |||
* | uniformly mask /home in all private home options | smitsohu | 2019-07-12 |
| | |||
* | private-home: remove redundancy | smitsohu | 2019-07-12 |
| | |||
* | Merge pull request #2855 from veloute/galc-fix | rusty-snake | 2019-07-12 |
|\ | | | | | ipc-namespace breaks galculator on archlinux | ||
| * | ipc-namespace breaks galculator on archlinux | veloute | 2019-07-12 |
| | | |||
* | | rename some variables so they don't shadow others with same name | Reiner Herrmann | 2019-07-11 |
| | | | | | | | | via lgtm.com | ||
* | | fix minor issues from lgtm.com | Reiner Herrmann | 2019-07-11 |
| | | |||
* | | Merge pull request #2850 from disconnect3d/patch-1 | Reiner Herrmann | 2019-07-11 |
|\ \ | | | | | | | Update pid.c | ||
| * | | Update pid.c | Disconnect3d | 2019-07-10 |
| | | | | | | | | | Remove redundant `child` variable in src/lib/pid.c | ||
* | | | Update libpostexecseccomp.c (#2851) | Disconnect3d | 2019-07-11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * Update libpostexecseccomp.c Remove `if (size != 0)` condition, which is always true as there is a `if (size <= 0)` condition before. Also note that if the `if (size <= 0)` condition wouldn't be there and `size` would be 0, there would have been an undefined behavior in due to division by zero in `(unsigned short) size / (unsigned short) sizeof(struct sock_filter);`. Found with LGTM: https://lgtm.com/projects/g/netblue30/firejail/snapshot/961c4ca00425b60a7bc8543460031a8ebf3d8aa6/files/src/libpostexecseccomp/libpostexecseccomp.c#x838c24f710410160:1 | ||
* | | | Support media on other drives in youtube-dl.profile | glitsj16 | 2019-07-11 |
| | | | | | | | | | Thanks to @SkewedZeppelin for catching this, see comments in https://github.com/netblue30/firejail/pull/2584. | ||
* | | | remove duplicate fclose/free | Reiner Herrmann | 2019-07-10 |
| | | | |||
* | | | less.profile: make ${HOME} read-only | Vincent43 | 2019-07-10 |
|/ / | | | | | less is usually used to view various text files including configs so blacklisting many of them in ${HOME} make it less(sic!) usable. We can make them read-only instead. | ||
* | | Add gdb-firejail.sh to contrib for easy debugging of firejail with gdb. | Glenn Washburn | 2019-07-09 |
| | | |||
* | | Sort private-bin in obs.profile (#2848) | glitsj16 | 2019-07-09 |
| | | |||
* | | Add redirects for mpg123 (#2847) | glitsj16 | 2019-07-09 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Create conplay.profile * Create mpg123.bin.profile * Create mpg123-alsa.profile * Create mpg123-id3dump.profile * Create mpg123-jack.profile * Create mpg123-nas.profile * Create mpg123-openal.profile * Create mpg123-oss.profile * Create mpg123-portaudio.profile * Create mpg123-pulse.profile * Create mpg123-strip.profile * Create out123.profile * Add mpg123 redirects to fireconfig | ||
* | | Merge pull request #2844 from crass/fix-561-trace-appimage | netblue30 | 2019-07-09 |
|\ \ | | | | | | | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | ||
| * | | Fix issue #561. Refactor/Optimize code to get and use pid and process name. | Glenn Washburn | 2019-07-09 |
| | | | |||
* | | | Merge pull request #2843 from crass/fix-2842-extra-appimage-envvars | netblue30 | 2019-07-09 |
|\ \ \ | | | | | | | | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | ||
| * | | | Add OWD and ARGV0 environment variables. Correctly create APPIMAGE envvar. | Glenn Washburn | 2019-07-09 |
| |/ / | |||
* | | | Merge pull request #2845 from smitsohu/homedir2 | netblue30 | 2019-07-09 |
|\ \ \ | |/ / |/| | | improve support for home directories outside /home | ||
| * | | main.c: define O_PATH (CentOS 6 fix) | smitsohu | 2019-07-09 |
| | | | |||
| * | | move to fd based homedir mounts | smitsohu | 2019-07-09 |
| | | | |||
| * | | add symlink resolution for home directories | smitsohu | 2019-07-09 |
| | | | |||
* | | | Fix #2726 | Fred Barclay | 2019-07-08 |
| | | | | | | | | | | | | private-bin was too restrictive and didn't allow desktop recording | ||
* | | | keep dconf database read-only | smitsohu | 2019-07-08 |
|/ / | |||
* | | more simplification of fs_check_chroot_dir | smitsohu | 2019-07-08 |
| | |