Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Add support for SELinux labeling | Topi Miettinen | 2020-02-22 |
| | | | | | | | | | | | | | | | | | | | | | | | Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin` shows that the SELinux labels are not correct: ``` user_u:object_r:user_tmpfs_t:s0 . system_u:object_r:usr_t:s0 .. user_u:object_r:user_tmpfs_t:s0 bash user_u:object_r:user_tmpfs_t:s0 ls ``` After fixing this: ``` system_u:object_r:bin_t:s0 . system_u:object_r:usr_t:s0 .. system_u:object_r:shell_exec_t:s0 bash system_u:object_r:bin_t:s0 ls ``` Most copied files and created directories should now have correct labels (bind mounted objects keep their labels). This is useful to avoid having to change the SELinux rules when using Firejail. | ||
* | tentative fix for #3075 | netblue30 | 2019-12-08 |
| | |||
* | mainline moving to 0.9.63 for new development; release 0.9.62 is handled on ↵ | netblue30 | 2019-12-06 |
| | | | | release-0.9.62 branch | ||
* | testing for -fstack-clash-protection and -fstack-protector-strong compile flags | netblue30 | 2019-06-26 |
| | |||
* | disable firetunnel at config time (#2793) | netblue30 | 2019-06-24 |
| | |||
* | use pkg-config macro to locate apparmor and flags | Reiner Herrmann | 2019-06-21 |
| | |||
* | use AX_CHECK_COMPILE_FLAG to check for spectre flags | Reiner Herrmann | 2019-06-21 |
| | | | | Fixes #2661 | ||
* | 0.9.60 is out, movin to 0.9.61 | netblue30 | 2019-05-27 |
| | |||
* | 0.9.60 testing | netblue30 | 2019-05-26 |
| | |||
* | moving to rc2 | netblue30 | 2019-04-21 |
| | |||
* | 0.9.60-rc1 testing0.9.60-rc1 | netblue30 | 2019-04-21 |
| | |||
* | 0.9.58.2 is out, moving back to 0.9.59 | netblue30 | 2019-02-08 |
| | |||
* | 0.9.58.2 testing | netblue30 | 2019-02-08 |
| | |||
* | moving to 0.9.59 | netblue30 | 2019-01-27 |
| | |||
* | release 0.9.58 testing | netblue30 | 2019-01-26 |
| | |||
* | release 0.9.58-rc1 | netblue30 | 2019-01-21 |
| | |||
* | reverting to 0.9.57 | netblue30 | 2018-10-21 |
| | |||
* | 0.9.56.1 - bugfix release | netblue30 | 2018-10-11 |
| | |||
* | configure.ac: set sysconfdir only if none was specified manually | Reiner Herrmann | 2018-10-03 |
| | | | | Fixes #2125 | ||
* | --version 0.9.57 | netblue30 | 2018-09-19 |
| | |||
* | 0.9.56 released0.9.56 | netblue30 | 2018-09-18 |
| | |||
* | removed --disable-bind configuration option; some ohter minor cleanup | startx2017 | 2018-08-22 |
| | |||
* | release 0.9.56~rc1 testing | netblue30 | 2018-08-11 |
| | |||
* | Replace all possible HTTP links with HTTPS | Tad | 2018-08-08 |
| | |||
* | removed compile time --enable-network=restricted, --net=none allowed even if ↵ | startx2017 | 2018-07-26 |
| | | | | networking was disabled at compile time or at run time, fixed issue #2061 | ||
* | 0.9.55 | netblue30 | 2018-05-16 |
| | |||
* | 0.9.54 testing0.9.54 | netblue30 | 2018-05-16 |
| | |||
* | moving to 0.9.54~rc3 | netblue30 | 2018-05-13 |
| | |||
* | moving to next version | netblue30 | 2018-05-06 |
| | |||
* | 0.9.54~rc1 released0.9.54-rc1 | netblue30 | 2018-05-06 |
| | |||
* | deprecated --git-install and --git-uninstall | netblue30 | 2018-04-04 |
| | |||
* | added --disable-suid to configuration script | netblue30 | 2018-04-02 |
| | |||
* | consolidate makefiles | netblue30 | 2018-03-31 |
| | |||
* | spectre clang support | netblue30 | 2018-03-30 |
| | |||
* | fixes | netblue30 | 2018-03-23 |
| | |||
* | support Spectre mitigation patch for gcc compiler | netblue30 | 2018-03-23 |
| | |||
* | optimize default seccomp filters | netblue30 | 2018-01-02 |
| | |||
* | replacing seccomp printing with a seccomp disassembler | netblue30 | 2017-12-28 |
| | |||
* | starting 0.9.53 | netblue30 | 2017-12-12 |
| | |||
* | 0.9.52 testing | netblue30 | 2017-12-07 |
| | |||
* | netfilter split | netblue30 | 2017-11-13 |
| | |||
* | --build | netblue30 | 2017-09-16 |
| | |||
* | 0.9.51 development starting | netblue30 | 2017-09-07 |
| | |||
* | starting 0.9.50~rc2 | netblue30 | 2017-08-30 |
| | |||
* | 0.9.50~rc1 | netblue30 | 2017-08-28 |
| | |||
* | Allow any syscall to be blacklisted (#1447) | Topi Miettinen | 2017-08-13 |
| | | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | ||
* | private-lib: split fldd as a separate application | netblue30 | 2017-08-03 |
| | |||
* | 0.9.49 development version | netblue30 | 2017-06-13 |
| | |||
* | 0.9.48 testing | netblue30 | 2017-06-12 |
| | |||
* | strip trailing whitespace | Fred Barclay | 2017-05-24 |
| |