Commit message | Author | Age | |
---|---|---|---|
* | profiles: Miscellaneous cleanups (#5918) | glitsj16 | 2023-07-25 |
* | private-etc rework: remove hiding blacklisted files in private-etc directory feature | netblue30 | 2023-01-20 |
* | firejail.config: explain potential issues with etc-hide-blacklisted | Kelvin M. Klann | 2023-01-16 |
| | Let users know that enabling this may break /etc/resolv.conf. Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | | |
* | Rename etc-no-blacklisted to etc-hide-blacklisted | Kelvin M. Klann | 2023-01-16 |
| | To avoid boolean confusion (`no-foo no` / `no-foo yes`) in firejail.config: `etc-no-blacklisted no` / `etc-no-blacklisted yes`. Commands used to search and replace: `git grep -Ilz -i 'etc.no.blacklisted' -- etc src | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed -e 's/etc-no-blacklisted/etc-hide-blacklisted/' -e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' '{}')\" >'{}'"`. Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | | |
* | opt-in: skip blacklisted files in private-etc - #5010, #5230 | smitsohu | 2023-01-15 |
* | tracelog disabled by default in /etc/firejail/firejail.config file | netblue30 | 2022-08-29 |
* | disabled private-lib in /etc/firejail/firejail.config | netblue30 | 2022-06-23 |
* | seccomp-log support in firejail.config | netblue30 | 2022-06-18 |
* | disable chroot by default in /etc/firejail/firejail.config | netblue30 | 2022-06-13 |
* | disable cgroup code | netblue30 | 2022-06-13 |
* | firejail.config: add warning about allow-tray | Kelvin M. Klann | 2022-02-16 |
| | According to #4053, there is currently no safe (in the sense of not allowing to escape the sandbox) implementation of `org.kde.StatusNotifierWatcher`, but it is required by multiple programs for tray functionality. Users may not be aware of this (for example, see #4508), so add a warning about it. Note: allow-tray was added on commit c86cae2d0 ("Add new condition ALLOW_TRAY", 2021-09-04) / PR #4510. | | |
* | Merge pull request #4510 from rusty-snake/allow-tray-condition | netblue30 | 2021-10-09 |
| | Add new condition ALLOW_TRAY | | |
* | Add new condition ALLOW_TRAY | rusty-snake | 2021-09-04 |
* | fix spelling (#4573) | a1346054 | 2021-09-22 |
* | deprecated whitelist=yes/no in /etc/firejail/firejail.config | netblue30 | 2021-07-04 |
* | Merge pull request #4340 from smitsohu/kcmp | smitsohu | 2021-06-26 |
| | augment seccomp lists in firejail.config | | |
* | augment seccomp lists in firejail.config | smitsohu | 2021-06-20 |
* | Merge pull request #4330 from smitsohu/fjconfig | netblue30 | 2021-06-04 |
| | add firejail.config switch for private-{bin,etc,opt,srv} | | |
* | add firejail.config switch for private-{bin,etc,opt,srv} | smitsohu | 2021-05-22 |
* | deprecated follow-symlink-as-user from firejail.config | netblue30 | 2021-05-26 |
* | add support for arbitrary whitelist directories | smitsohu | 2021-05-03 |
* | seccomp: logging | Topi Miettinen | 2020-08-05 |
| | Allow `log` as an alternative seccomp error action instead of killing or returning an errno code. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | | |
* | Follow-up for #3326 (#3397) | glitsj16 | 2020-05-04 |
| | * use the new dbus format in chromium-common.profile * use new dbus format in firejail.config Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements. * block dbus system bus Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus. | | |
* | Alphabetically order firejail.config (#3324) | glitsj16 | 2020-04-07 |
* | Allow changing error action in seccomp filters | Topi Miettinen | 2020-04-06 |
| | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions. The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can also be overridden in the /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call. | | |
* | fix join timeout if sleep interval is not a multiple | smitsohu | 2020-01-17 |
* | make join timeout configurable in firejail.config | smitsohu | 2019-12-23 |
* | rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d | smitsohu | 2019-08-09 |
| | The commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. See issue #2877 | | |
* | fix verbosity for non-authorized user | smitsohu | 2019-07-22 |
| | Users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non-authorized users. | | |
* | add symlink resolution for home directories | smitsohu | 2019-07-09 |
* | fix #2820 - adjustable file copy limit; export FIREJAIL_DEBUG into sbox | netblue30 | 2019-07-04 |
* | thunderbird-beta: use private-opt instead of whitelist | rusty-snake | 2019-06-30 |
* | Update firejail.config -- disable-mnt description | rusty-snake | 2019-05-21 |
* | Add a conditional to control DRM/noexec exception for browsers | Tad | 2019-04-13 |
* | firejail.config fixes | smitsohu | 2019-02-04 |
| | always print a warning, treat join-or-start like join | | |
* | --name rework | netblue30 | 2019-02-01 |
* | enable/disable cgroup in firejail.config | netblue30 | 2019-01-27 |
* | Add new config option to disable U2F in browsers, enabled by default | Tad | 2018-11-05 |
* | firejail.config: clarify disable-mnt behaviour | Vincent43 | 2018-10-16 |
* | add switch to disable/enable private-cache | smitsohu | 2018-09-10 |
* | Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" | Tad | 2018-06-14 |
| | This reverts commit caa7ad8714206a158123773ddcaca6ef219a5501. | | |
* | mounting a tmpfs on ~/.cache directory (private-cache) by default | netblue30 | 2018-06-12 |
* | removed CFG_CHROOT_DESKTOP config option | netblue30 | 2018-06-11 |
* | enable/disable dbus handling in /etc/firejail/firejail.config | netblue30 | 2018-03-30 |
* | added support to disable apparmor globally in /etc/firejail/firejail.config | netblue30 | 2018-02-19 |
* | deprecated follow-symlink-private-bin from /etc/firejail/firejail.config | netblue30 | 2017-11-09 |
* | modif: remount-proc-sys deprecated from firejail.config | netblue30 | 2017-10-27 |
* | private-lib: support for /etc/firejail/firejail.config | netblue30 | 2017-08-04 |
* | x11/xpra support | netblue30 | 2017-08-01 |
* | arp rework | netblue30 | 2017-07-29 |