Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | seccomp: logging | Topi Miettinen | 2020-08-05 |
| | | | | | | | Allow `log` as an alternative seccomp error action instead of killing or returning an errno code. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | Follow-up for #3326 (#3397) | glitsj16 | 2020-05-04 |
| | | | | | | | | | | | * use the new dbus format in chromium-common.profile * use new dbus format in firejail.config Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements. * block dbus system bus Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus. | ||
* | Alphabetically order firejail.config (#3324) | glitsj16 | 2020-04-07 |
| | |||
* | Allow changing error action in seccomp filters | Topi Miettinen | 2020-04-06 |
| | | | | | | | | | | | | | | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can be also overridden /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call. | ||
* | fix join timeout if sleep interval is not a multiple | smitsohu | 2020-01-17 |
| | |||
* | make join timeout configurable in firejail.config | smitsohu | 2019-12-23 |
| | |||
* | rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d | smitsohu | 2019-08-09 |
| | | | | | | | the commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. see issue #2877 | ||
* | fix verbosity for non-authorized user | smitsohu | 2019-07-22 |
| | | | | | | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non- authorized users. | ||
* | add symlink resolution for home directories | smitsohu | 2019-07-09 |
| | |||
* | fix #2820 - adjustable file copy limit; export FIREJAIL_DEBUG into sbox | netblue30 | 2019-07-04 |
| | |||
* | thunderbird-beta: use private-opt instead of whitelist | rusty-snake | 2019-06-30 |
| | |||
* | Update firejail.config -- disable-mnt description | rusty-snake | 2019-05-21 |
| | |||
* | Add a conditional to control DRM/noexec exception for browsers | Tad | 2019-04-13 |
| | |||
* | firejail.config fixes | smitsohu | 2019-02-04 |
| | | | | always print a warning, treat join-or-start like join | ||
* | --name rework | netblue30 | 2019-02-01 |
| | |||
* | enable/disable cgroup in firejail.config | netblue30 | 2019-01-27 |
| | |||
* | Add new config option to disable U2F in browsers, enabled by default | Tad | 2018-11-05 |
| | |||
* | firejail.config: clarify disable-mnt behaviour | Vincent43 | 2018-10-16 |
| | |||
* | add switch to disable/enable private-cache | smitsohu | 2018-09-10 |
| | |||
* | Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" | Tad | 2018-06-14 |
| | | | | This reverts commit caa7ad8714206a158123773ddcaca6ef219a5501. | ||
* | mounting a tmpfs on ~/.cache directory (private-cache) by default | netblue30 | 2018-06-12 |
| | |||
* | removed CFG_CHROOT_DESKTOP config option | netblue30 | 2018-06-11 |
| | |||
* | enable/disable dbus handling in /etc/firejail/firejail.config | netblue30 | 2018-03-30 |
| | |||
* | added support to disable apparmor globally in /etc/firejail/firejail.config | netblue30 | 2018-02-19 |
| | |||
* | deprecated follow-symlink-private-bin from /etc/firejail/firejail.config | netblue30 | 2017-11-09 |
| | |||
* | modif: remount-proc-sys deprecated from firejail.config | netblue30 | 2017-10-27 |
| | |||
* | private-lib: support for /etc/firejail/firejail.config | netblue30 | 2017-08-04 |
| | |||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | arp rework | netblue30 | 2017-07-29 |
| | |||
* | merge #1100 from zackw: support for Xpra extra params in firejail config file | netblue30 | 2017-05-08 |
| | |||
* | firejail.config cleanup | startx2017 | 2017-03-29 |
| | |||
* | merge #1100 from zackw: xvfb support in /etc/firejail/firejail.config | netblue30 | 2017-03-23 |
| | |||
* | enable/disable join support in /etc/firejail/firejail.config | startx2017 | 2017-03-23 |
| | |||
* | added support to enable/disable tmpfs mounting on top of ~/.cache directory | netblue30 | 2017-03-14 |
| | |||
* | config support to disable access to /mnt and /media | netblue30 | 2017-03-10 |
| | |||
* | Following links in private-bin command ported from #1100 created problems ↵ | netblue30 | 2017-03-07 |
| | | | | for some users. I added a follow-symlink-private-bin entry in /etc/firejail/firejail.config file to enable/disable this functionality - default disabled. | ||
* | merge #1100 from zackw: removed libconnect | netblue30 | 2017-02-14 |
| | |||
* | follow-symlink-as-user runtime config option in /etc/firejail/firejail.config | netblue30 | 2017-02-12 |
| | |||
* | config support for firejail prompt in terminals | netblue30 | 2016-12-11 |
| | |||
* | fixes | netblue30 | 2016-09-18 |
| | |||
* | bug: add support to remove /usr/local from private-bin list, issue 778 | netblue30 | 2016-09-17 |
| | |||
* | bringing back --private-home | netblue30 | 2016-09-04 |
| | |||
* | run time support to disable chroot desktop features | netblue30 | 2016-08-23 |
| | |||
* | run time support to disable overlayfs | netblue30 | 2016-08-21 |
| | |||
* | run time support to disable remounting of /proc and /sys | netblue30 | 2016-08-20 |
| | |||
* | added quiet-by-default config option in /etc/firejail/firejail.config | netblue30 | 2016-08-11 |
| | |||
* | added netfilter-default config option in /etc/firejail/firejail.config | netblue30 | 2016-07-28 |
| | |||
* | s/Xephry/Xephyr/ | avoidr | 2016-06-27 |
| | |||
* | x11 work | netblue30 | 2016-06-09 |
| | |||
* | fixes | netblue30 | 2016-06-09 |
| |