Commit message | Author | Age | |
---|---|---|---|
* | New profiles for balsa,trojita,kube (#3603) | kortewegdevries | 2020-09-03 |
| | * Added minecraft-launcher-profile Initial * Changed minecraft-launcher profile Added space,tracelog,nodvd * New profiles for balsa,trojita,kube * Switch to whitelisting * Enable gpg,firefox uniformity between other clients * Hyperlinks * Fix Co-authored-by: kortewegdevries <k0rtic_dv@aol.com> | ||
* | bringing in awk preprocessor from rusty-snake | netblue30 | 2020-09-02 |
| | |||
* | fix private-bin in smplayer.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-bin in mpv.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-bin in man.profile | glitsj16 | 2020-09-02 |
| | |||
* | fix private-etc ordering | glitsj16 | 2020-09-02 |
| | |||
* | manpage: remove overlayfs from non-overlayfs builds | startx2017 | 2020-09-02 |
| | |||
* | manpage: remove apparmor from non-apparmor builds | startx2017 | 2020-09-02 |
| | |||
* | harden redeclipse | rusty-snake | 2020-09-02 |
| | |||
* | allow flatpak/exports also for systemd-wide location | rusty-snake | 2020-09-02 |
| | |||
* | readme and relnotes | rusty-snake | 2020-09-02 |
| | |||
* | New profile for man,psi,smuxi; fix pidgin (#3590) | kortewegdevries | 2020-09-02 |
| | * Profile for Psi * Fix pidgin buddy icon * Profile for man * Add profile for smuxi * Comment man in firecfg * Add pinentry programs * Update etc/profile-m-z/psi.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> | ||
* | Fix private-etc of electron-mail, fix geary,minitube (#3588) | kortewegdevries | 2020-09-02 |
| | * Fix private-etc of electron-mail * Fix dbus of geary * Fix geary again, remove GPG * Fix seccomp on Arch | ||
* | Fixes #3596 (#3619) | kortewegdevries | 2020-09-02 |
| | |||
* | Various profiles # 2 (#3566) | kortewegdevries | 2020-09-02 |
| | * Matrix clients Initial * Add profile for fractal, # 1139 * Fixes | ||
* | Various profiles (#3561) | kortewegdevries | 2020-09-02 |
| | * Various profiles Initial * Various fixes # 1 Removed blacklist,no3d; added icon flatpak paths;sorting;added space | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-09-01 |
|\ | |||
| * | Merge branch 'master' of https://github.com/netblue30/firejail | startx2017 | 2020-09-01 |
| |\ | |||
| | * | #3106-1, include @mount in @default instead of all the syscalls | rusty-snake | 2020-09-01 |
| | | | |||
| * | | preprocessor for man pages | startx2017 | 2020-09-01 |
| | | | |||
| * | | fix make test-compile - cleanup | startx2017 | 2020-09-01 |
| | | | |||
| * | | removed --disable-seccomp from ./configure | startx2017 | 2020-09-01 |
| |/ | |||
* / | fshaper.sh fix (#3620) | netblue30 | 2020-09-01 |
|/ | |||
* | shell none: avoid syscalls after seccomp_install_filters | smitsohu | 2020-09-01 |
| | fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2020-08-31 |
|\ | |||
| * | fix #3614 -- telegram.profile needs netlink protocol | rusty-snake | 2020-08-30 |
| | | |||
* | | join: move to mmapped sandbox status indicator | smitsohu | 2020-08-31 |
| | | 1) close #3612 2) remove an implicit limitation on rlimit-fsize option (could not set limit to smaller than 6 bytes without affecting the ability to join a sandbox) 3) rename 'join-or-start' file to just 'join' 4) when waiting for a sandbox that is not fully configured yet, increase polling frequency from 10 per second to 100 per second | ||
* | | chroot: unify path name handling | smitsohu | 2020-08-30 |
|/ | |||
* | don't attempt to set window title if stdout is not a terminal | smitsohu | 2020-08-28 |
| | closes #3356 | ||
* | private-dev: blacklist stashed syslog socket when it is not needed anymore | smitsohu | 2020-08-28 |
| | closes #3584 | ||
* | expose pulseaudio in chroot if FIREJAIL_CHROOT_PULSE is set | smitsohu | 2020-08-27 |
| | issue #3568 | ||
* | chroot: little tweaks | smitsohu | 2020-08-27 |
| | |||
* | mask writable pulseaudio runtime dir | smitsohu | 2020-08-27 |
| | ... and don't fail hard without need if there is a FUSE mount | ||
* | improve copy_file | smitsohu | 2020-08-27 |
| | don't report success if read failed | ||
* | whitelist-var-common.inc: fix certificate verification | smitsohu | 2020-08-26 |
| | |||
* | cat fixes | smitsohu | 2020-08-25 |
| | |||
* | wusc whitelists /usr/share/perl{,5} now | rusty-snake | 2020-08-25 |
| | This commit removes it from profiles which have it. /usr/share/perl* is still inaccessible for profiles with wusc and disable-interpreters.inc w/o allow-perl.inc. | ||
* | add whitelist items for uim (#3587) | Anton Shestakov | 2020-08-24 |
| | * add ~/.uim.d directory to whitelist-common.inc uim is a multilingual input method framework (similar to ibus, which has its own entry in this file). * add /var/lib/uim to whitelist-var-common.inc When user installs an uim module (for example, an input method like anthy or mozc), it gets registered in a file in this directory. | ||
* | fix --join for sandboxes with xdg-dbus-proxy | netblue30 | 2020-08-22 |
| | |||
* | firemon fix for xdg-dbus-proxy | netblue30 | 2020-08-22 |
| | |||
* | minor cleanup: move pid functions from main.c to util.c | netblue30 | 2020-08-22 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2020-08-22 |
|\ | |||
| * | Merge pull request #3572 from smitsohu/dumpable | netblue30 | 2020-08-22 |
| |\ | | | | | | | hardening: run plugins with dumpable flag cleared | ||
| | * | cleanup | smitsohu | 2020-08-17 |
| | | | |||
| | * | add dumpable warnings | smitsohu | 2020-08-17 |
| | | | |||
| | * | various x11 xorg enhancements | smitsohu | 2020-08-17 |
| | | | 1) copy xauth binary into the sandbox and set mode to 0711, so it runs with cleared dumpable flag for unprivileged users 2) run xauth in an sbox sandbox 3) generate Xauthority file in runtime directory instead of /tmp; this way xauth is able to connect to the X11 socket even if the abstract socket doesn't exist, for example because a new network namespace was instantiated | ||
| | * | hardening: run plugins with dumpable flag cleared | smitsohu | 2020-08-17 |
| | | | the kernel clears the dumpable flag if a user has no read permission on an executable and it is owned by another user; I omitted faudit, fbuilder and ftee for now as they are not used to configure the sandbox itself, and as this commit is going to complicate debugging efforts to some extent | ||
| * | | Merge pull request #3594 from smitsohu/ls | netblue30 | 2020-08-22 |
| |\ \ | | | | | | | | | cat option | ||
| | * | | harden cat option | smitsohu | 2020-08-20 |
| | | | | |||
| | * | | Merge branch 'master' into ls | smitsohu | 2020-08-19 |
| | |\ \ |