aboutsummaryrefslogtreecommitdiffstats
path: root/etc/firejail.config
Commit message (Collapse)AuthorAge
* seccomp: loggingLibravatar Topi Miettinen2020-08-05
| | | | | | | Allow `log` as an alternative seccomp error action instead of killing or returning an errno code. Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
* Follow-up for #3326 (#3397)Libravatar glitsj162020-05-04
| | | | | | | | | | | * use the new dbus format in chromium-common.profile * use new dbus format in firejail.config Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements. * block dbus system bus Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus.
* Alphabetically order firejail.config (#3324)Libravatar glitsj162020-04-07
|
* Allow changing error action in seccomp filtersLibravatar Topi Miettinen2020-04-06
| | | | | | | | | | | | | | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can be also overridden /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call.
* fix join timeout if sleep interval is not a multipleLibravatar smitsohu2020-01-17
|
* make join timeout configurable in firejail.configLibravatar smitsohu2019-12-23
|
* rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5dLibravatar smitsohu2019-08-09
| | | | | | | the commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. see issue #2877
* fix verbosity for non-authorized userLibravatar smitsohu2019-07-22
| | | | | | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non- authorized users.
* add symlink resolution for home directoriesLibravatar smitsohu2019-07-09
|
* fix #2820 - adjustable file copy limit; export FIREJAIL_DEBUG into sboxLibravatar netblue302019-07-04
|
* thunderbird-beta: use private-opt instead of whitelistLibravatar rusty-snake2019-06-30
|
* Update firejail.config -- disable-mnt descriptionLibravatar rusty-snake2019-05-21
|
* Add a conditional to control DRM/noexec exception for browsersLibravatar Tad2019-04-13
|
* firejail.config fixesLibravatar smitsohu2019-02-04
| | | | always print a warning, treat join-or-start like join
* --name reworkLibravatar netblue302019-02-01
|
* enable/disable cgroup in firejail.configLibravatar netblue302019-01-27
|
* Add new config option to disable U2F in browsers, enabled by defaultLibravatar Tad2018-11-05
|
* firejail.config: clarify disable-mnt behaviourLibravatar Vincent432018-10-16
|
* add switch to disable/enable private-cacheLibravatar smitsohu2018-09-10
|
* Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default"Libravatar Tad2018-06-14
| | | | This reverts commit caa7ad8714206a158123773ddcaca6ef219a5501.
* mounting a tmpfs on ~/.cache directory (private-cache) by defaultLibravatar netblue302018-06-12
|
* removed CFG_CHROOT_DESKTOP config optionLibravatar netblue302018-06-11
|
* enable/disable dbus handling in /etc/firejail/firejail.configLibravatar netblue302018-03-30
|
* added support to disable apparmor globally in /etc/firejail/firejail.configLibravatar netblue302018-02-19
|
* deprecated follow-symlink-private-bin from /etc/firejail/firejail.configLibravatar netblue302017-11-09
|
* modif: remount-proc-sys deprecated from firejail.configLibravatar netblue302017-10-27
|
* private-lib: support for /etc/firejail/firejail.configLibravatar netblue302017-08-04
|
* x11/xpra supportLibravatar netblue302017-08-01
|
* arp reworkLibravatar netblue302017-07-29
|
* merge #1100 from zackw: support for Xpra extra params in firejail config fileLibravatar netblue302017-05-08
|
* firejail.config cleanupLibravatar startx20172017-03-29
|
* merge #1100 from zackw: xvfb support in /etc/firejail/firejail.configLibravatar netblue302017-03-23
|
* enable/disable join support in /etc/firejail/firejail.configLibravatar startx20172017-03-23
|
* added support to enable/disable tmpfs mounting on top of ~/.cache directoryLibravatar netblue302017-03-14
|
* config support to disable access to /mnt and /mediaLibravatar netblue302017-03-10
|
* Following links in private-bin command ported from #1100 created problems ↵Libravatar netblue302017-03-07
| | | | for some users. I added a follow-symlink-private-bin entry in /etc/firejail/firejail.config file to enable/disable this functionality - default disabled.
* merge #1100 from zackw: removed libconnectLibravatar netblue302017-02-14
|
* follow-symlink-as-user runtime config option in /etc/firejail/firejail.configLibravatar netblue302017-02-12
|
* config support for firejail prompt in terminalsLibravatar netblue302016-12-11
|
* fixesLibravatar netblue302016-09-18
|
* bug: add support to remove /usr/local from private-bin list, issue 778Libravatar netblue302016-09-17
|
* bringing back --private-homeLibravatar netblue302016-09-04
|
* run time support to disable chroot desktop featuresLibravatar netblue302016-08-23
|
* run time support to disable overlayfsLibravatar netblue302016-08-21
|
* run time support to disable remounting of /proc and /sysLibravatar netblue302016-08-20
|
* added quiet-by-default config option in /etc/firejail/firejail.configLibravatar netblue302016-08-11
|
* added netfilter-default config option in /etc/firejail/firejail.configLibravatar netblue302016-07-28
|
* s/Xephry/Xephyr/Libravatar avoidr2016-06-27
|
* x11 workLibravatar netblue302016-06-09
|
* fixesLibravatar netblue302016-06-09
|
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 22:17:18 +0000