Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Speedup the buildsystem | rusty-snake | 2020-04-04 |
| | | | | | | | - replaing 'include /etc/firejail/foobar.inc' with 'include $(sysconfdir)/firejail/foobar.inc' is useless since 0.9.58 - onetime calling install with globbing is faster the a loop calling install nearly 1000 times | ||
* | seccomp: allow defining separate filters for 32-bit arch | Topi Miettinen | 2020-03-28 |
| | | | | | | | | | | | | | | | | | | | | | System calls (names and numbers) are not exactly the same for 32 bit and 64 bit architectures. Let's allow defining separate filters for 32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This is useful for mixed 64/32 bit application environments like Steam and Wine. Implement protocol and mdwx filtering also for 32 bit arch. It's still better to block secondary archs completely if not needed. Lists of supported system calls are also updated. Warn if preload libraries would be needed due to trace, tracelog or postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic linker does not understand the 64 bit preload libraries. Closes #3267. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | profile stats | netblue30 | 2020-03-19 |
| | |||
* | include m4 directory in source archive | Reiner Herrmann | 2019-12-30 |
| | |||
* | testing | netblue30 | 2019-10-31 |
| | |||
* | misc fixes | rusty-snake | 2019-08-26 |
| | | | | | | - fix for #2038 - update RELNOTES - fix #2925 | ||
* | various fixes and improvements | rusty-snake | 2019-08-22 |
| | | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | ||
* | fix make scan-build for debian 10 and arch | netblue30 | 2019-07-22 |
| | |||
* | fix make cppcheck for debian 10 | netblue30 | 2019-07-22 |
| | |||
* | snap cleanup - #2865 | netblue30 | 2019-07-22 |
| | |||
* | Improve profile PRs (Related to #2739) (#2784) | rusty-snake | 2019-06-24 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * add contrib/sort.py and .github/pull_request_temp… * Add usage to sort.py * Install sort.py if contrib-install is set * sort.py: 0644 -> 0755 * Update sort.py * Update pull_request_template.md * Remove checkboxes from PR-Template * Update sort.py * Add examples to sort.py * Update pull_request_template.md Fix path to sort.py, it depend on the distro. * Update pull_request_template.md * Update pull_request_template.md add hint about template | ||
* | enable additional cppchecks and fix a warning | Reiner Herrmann | 2019-06-21 |
| | |||
* | installing etc/templates in /usr/share/doc/firejail directory | netblue30 | 2019-06-01 |
| | |||
* | Retain local apparmor customizations | glitsj16 | 2019-02-05 |
| | | | This fixes https://github.com/netblue30/firejail/issues/2388. | ||
* | porting make deb-apparmor from LTS build | netblue30 | 2019-01-26 |
| | |||
* | evaluate UID_MIN/GID_MID at runtime, remove compile time evaluation - fixes ↵ | netblue30 | 2018-06-04 |
| | | | | #1964 | ||
* | remove 64bit seccomp filter from 32bit architectures | netblue30 | 2018-05-06 |
| | |||
* | add dependency on uids.h in $(MYLIBS) | Reiner Herrmann | 2018-04-23 |
| | |||
* | firejail user access database | netblue30 | 2018-04-08 |
| | |||
* | deprecated --git-install and --git-uninstall | netblue30 | 2018-04-04 |
| | |||
* | added --disable-suid to configuration script | netblue30 | 2018-04-02 |
| | |||
* | testing ssh | netblue30 | 2018-04-01 |
| | |||
* | consolidate makefiles | netblue30 | 2018-03-31 |
| | |||
* | testing | netblue30 | 2018-03-31 |
| | |||
* | support Spectre mitigation patch for gcc compiler | netblue30 | 2018-03-23 |
| | |||
* | optimize default seccomp filters | netblue30 | 2018-01-02 |
| | |||
* | replacing seccomp printing with a seccomp disassembler | netblue30 | 2017-12-28 |
| | |||
* | netfilter template support | netblue30 | 2017-11-18 |
| | |||
* | fix install-strip | netblue30 | 2017-11-15 |
| | |||
* | netfilter split | netblue30 | 2017-11-13 |
| | |||
* | private-lib | netblue30 | 2017-10-10 |
| | |||
* | --build | netblue30 | 2017-09-16 |
| | |||
* | Improve seccomp support for non-x86 architectures | Topi Miettinen | 2017-09-02 |
| | |||
* | typo in seccomp filter name | Reiner Herrmann | 2017-08-29 |
| | |||
* | include chroot tests in dist tarball | Reiner Herrmann | 2017-08-29 |
| | |||
* | run sysutils tests in test target | Reiner Herrmann | 2017-08-29 |
| | |||
* | Feature: switch/config option to block secondary architectures | Topi Miettinen | 2017-08-19 |
| | | | | | | | | | Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479 | ||
* | travis test | netblue30 | 2017-08-14 |
| | |||
* | Allow any syscall to be blacklisted (#1447) | Topi Miettinen | 2017-08-13 |
| | | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | ||
* | private-lib: split fldd as a separate application | netblue30 | 2017-08-03 |
| | |||
* | Apparmor: add local configuration | Vladimir Schowalter | 2017-08-02 |
| | |||
* | Memory-deny-write-execute feature | Topi Miettinen | 2017-07-30 |
| | | | | Feature to block attempts to create writable and executable memory. | ||
* | strip trailing whitespace | Fred Barclay | 2017-05-24 |
| | |||
* | make seccomp optional | Duncan Overbruck | 2017-05-17 |
| | |||
* | Makefile fix | netblue30 | 2017-04-13 |
| | |||
* | Make installation of contrib scripts configurable | Reiner Herrmann | 2017-04-13 |
| | |||
* | install fgit scripts only if configured with git-install support | Reiner Herrmann | 2017-04-10 |
| | |||
* | install support for fj-mkdeb.py (#1205) | netblue30 | 2017-04-09 |
| | |||
* | testing | netblue30 | 2017-03-29 |
| | |||
* | merge #1100 from zackw: removed libconnect | netblue30 | 2017-02-14 |
| |