Commit message | Author | Age | |
---|---|---|---|
* | private-etc rework: remove hiding blacklisted files in private-etc directory ↵ | 2023-01-20 | |
| | feature | ||
* | firejail.config: explain potential issues with etc-hide-blacklisted | 2023-01-16 | |
| | Let users know that enabling this may break /etc/resolv.conf. Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | Rename etc-no-blacklisted to etc-hide-blacklisted | 2023-01-16 | |
| | To avoid boolean confusion (`no-foo no` / `no-foo yes`) in firejail.config: etc-no-blacklisted no etc-no-blacklisted yes Commands used to search and replace: git grep -Ilz -i 'etc.no.blacklisted' -- etc src | xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \ -e 's/etc-no-blacklisted/etc-hide-blacklisted/' \ -e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \ '{}')\" >'{}'" Added on commit ded50200e ("opt-in: skip blacklisted files in private-etc - #5010, #5230", 2023-01-15) / PR #5591. | ||
* | opt-in: skip blacklisted files in private-etc - #5010, #5230 | 2023-01-15 | |
| | |||
* | tracelog disabled by default in /etc/firejail/firejail.config file | 2022-08-29 | |
| | |||
* | disabled private-lib in /etc/firejail/firejail.config | 2022-06-23 | |
| | |||
* | seccomp-log support in firejail.config | 2022-06-18 | |
| | |||
* | disable chroot by default in /etc/firejail/firejail.config | 2022-06-13 | |
| | |||
* | disable cgroup code | 2022-06-13 | |
| | |||
* | firejail.config: add warning about allow-tray | 2022-02-16 | |
| | According to #4053, there is currently no safe (in the sense of not allowing to escape the sandbox) implementation of `org.kde.StatusNotifierWatcher`, but it is required by multiple programs for tray functionality. Users may not be aware of this (for example, see #4508), so add a warning about it. Note: allow-tray was added on commit c86cae2d0 ("Add new condition ALLOW_TRAY", 2021-09-04) / PR #4510. | ||
* | Merge pull request #4510 from rusty-snake/allow-tray-condition | 2021-10-09 | |
|\ | Add new condition ALLOW_TRAY | ||
| * | Add new condition ALLOW_TRAY | 2021-09-04 | |
| | | |||
* | | fix spelling (#4573) | 2021-09-22 | |
|/ | |||
* | deprecated whitelist=yes/no in /etc/firejail/firejail.config | 2021-07-04 | |
| | |||
* | Merge pull request #4340 from smitsohu/kcmp | 2021-06-26 | |
|\ | augment seccomp lists in firejail.config | ||
| * | augment seccomp lists in firejail.config | 2021-06-20 | |
| | | |||
* | | Merge pull request #4330 from smitsohu/fjconfig | 2021-06-04 | |
|\ | add firejail.config switch for private-{bin,etc,opt,srv} | ||
| * | add firejail.config switch for private-{bin,etc,opt,srv} | 2021-05-22 | |
| | | |||
* | | deprecated follow-symlink-as-user from firejail.config | 2021-05-26 | |
| | | |||
* | | add support for arbitrary whitelist directories | 2021-05-03 | |
|/ | |||
* | seccomp: logging | 2020-08-05 | |
| | Allow `log` as an alternative seccomp error action instead of killing or returning an errno code. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | Follow-up for #3326 (#3397) | 2020-05-04 | |
| | * use the new dbus format in chromium-common.profile * use new dbus format in firejail.config Now that #3326 landed I think it might be less confusing to keep using the --nodbus wording. Couldn't come up with a better alternative (yet), so this might need future improvements. * block dbus system bus Blocking the system bus shouldn't affect password functionality etc, as that uses the session bus. | ||
* | Alphabetically order firejail.config (#3324) | 2020-04-07 | |
| | |||
* | Allow changing error action in seccomp filters | 2020-04-06 | |
| | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can also be overridden in the /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call. | ||
* | fix join timeout if sleep interval is not a multiple | 2020-01-17 | |
| | |||
* | make join timeout configurable in firejail.config | 2019-12-23 | |
| | |||
* | rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d | 2019-08-09 | |
| | the commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. see issue #2877 | ||
* | fix verbosity for non-authorized user | 2019-07-22 | |
| | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non-authorized users. | ||
* | add symlink resolution for home directories | 2019-07-09 | |
| | |||
* | fix #2820 - adjustable file copy limit; export FIREJAIL_DEBUG into sbox | 2019-07-04 | |
| | |||
* | thunderbird-beta: use private-opt instead of whitelist | 2019-06-30 | |
| | |||
* | Update firejail.config -- disable-mnt description | 2019-05-21 | |
| | |||
* | Add a conditional to control DRM/noexec exception for browsers | 2019-04-13 | |
| | |||
* | firejail.config fixes | 2019-02-04 | |
| | always print a warning, treat join-or-start like join | ||
* | --name rework | 2019-02-01 | |
| | |||
* | enable/disable cgroup in firejail.config | 2019-01-27 | |
| | |||
* | Add new config option to disable U2F in browsers, enabled by default | 2018-11-05 | |
| | |||
* | firejail.config: clarify disable-mnt behaviour | 2018-10-16 | |
| | |||
* | add switch to disable/enable private-cache | 2018-09-10 | |
| | |||
* | Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" | 2018-06-14 | |
| | This reverts commit caa7ad8714206a158123773ddcaca6ef219a5501. | ||
* | mounting a tmpfs on ~/.cache directory (private-cache) by default | 2018-06-12 | |
| | |||
* | removed CFG_CHROOT_DESKTOP config option | 2018-06-11 | |
| | |||
* | enable/disable dbus handling in /etc/firejail/firejail.config | 2018-03-30 | |
| | |||
* | added support to disable apparmor globally in /etc/firejail/firejail.config | 2018-02-19 | |
| | |||
* | deprecated follow-symlink-private-bin from /etc/firejail/firejail.config | 2017-11-09 | |
| | |||
* | modif: remount-proc-sys deprecated from firejail.config | 2017-10-27 | |
| | |||
* | private-lib: support for /etc/firejail/firejail.config | 2017-08-04 | |
| | |||
* | x11/xpra support | 2017-08-01 | |
| | |||
* | arp rework | 2017-07-29 | |
| | |||
* | merge #1100 from zackw: support for Xpra extra params in firejail config file | 2017-05-08 | |
| |