aboutsummaryrefslogtreecommitdiffstats
path: root/src/firejail/fs_etc.c
Commit message (Collapse)AuthorAge
* CVE-2022-31214: fixing the fix, one more timeLibravatar smitsohu2022-06-08
| | | | | | | | | the previous commit "CVE-2022-31214: fixing the fix" made private-etc=fonts,fonts and similar commands fail with an error fix that regression by tolerating already existing directories
* CVE-2022-31214: fixing the fixLibravatar smitsohu2022-06-08
|
* new version for NixOS 4887Libravatar netblue302022-02-03
|
* some hardeningLibravatar smitsohu2022-01-17
|
* 2022 copyright updateLibravatar netblue302022-01-07
|
* Removing blacklisted files from top level /etc directory if the filse were ↵Libravatar netblue302021-07-14
| | | | blacklisted
* open files O_CLOEXEC|O_EXCLLibravatar smitsohu2021-05-16
| | | | | | | | | | | | | Dumb patch that adds O_CLOEXEC to all open/fopen calls, even where it is obviously pointless. While at it, also add O_EXCL where it might be considered useful, for example to clear Coverity warnings, or on files that subsequently are used to configure a join sandbox. Pure defense in depth, this patch should have no observable effects.
* Add support for subdirs in private-etcLibravatar Michael Hoffmann2021-04-26
|
* private-etc: minor timetrace fixLibravatar smitsohu2021-03-03
| | | | fixes reversed /etc and /usr/etc timetraces
* Improve error reporting while mountingLibravatar Tomi Leppänen2021-03-03
| | | | | | Move error message after debug logging and add cause message. Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
* Add checks to fs_private_dir_mountLibravatar Tomi Leppänen2021-02-22
| | | | | | Check that the directory exists before attempting to mount it. Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
* sandbox: Do not leave file mounts underneath private-etcLibravatar Simo Piiroinen2021-02-22
| | | | | | | | | | | | | | | | Firejail uses file bind-mounts to filter /etc/passwd and /etc/group content. If private-etc is used, these mounts are left underneath the /etc directory mount and this seems to be causing problems in devices with older kernels: attempts to modify passwd or group data fails with EBUSY. Make it possible to perform fs_private_dir_list() actions in two separate phases. Undo the file mounts in /etc before mounting private-etc content. Signed-off-by: Simo Piiroinen <simo.piiroinen@jolla.com> Signed-off-by: Tomi Leppänen <tomi.leppanen@jolla.com>
* copyright updateLibravatar startx20172021-02-15
|
* Add support for SELinux labelingLibravatar Topi Miettinen2020-02-22
| | | | | | | | | | | | | | | | | | | | | | | Running `firejail --noprofile --private-bin=bash,ls ls -1Za /usr/bin` shows that the SELinux labels are not correct: ``` user_u:object_r:user_tmpfs_t:s0 . system_u:object_r:usr_t:s0 .. user_u:object_r:user_tmpfs_t:s0 bash user_u:object_r:user_tmpfs_t:s0 ls ``` After fixing this: ``` system_u:object_r:bin_t:s0 . system_u:object_r:usr_t:s0 .. system_u:object_r:shell_exec_t:s0 bash system_u:object_r:bin_t:s0 ls ``` Most copied files and created directories should now have correct labels (bind mounted objects keep their labels). This is useful to avoid having to change the SELinux rules when using Firejail.
* openSUSE fix: mount private-etc on /usr/etc as wellLibravatar smitsohu2020-02-09
| | | | see issue #3145
* housekeeping: strip unneeded whitespaceLibravatar Fred Barclay2020-02-01
|
* move copyright to 2020 (part 2) (#3181)Libravatar glitsj162020-01-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020 * move copyright statement to 2020
* mask more private options runtime directories, just to be sureLibravatar smitsohu2019-11-28
|
* check for dir existence before private-* mountLibravatar smitsohu2019-07-16
| | | fixes #2859
* move copyright statement to 2019Libravatar smitsohu2019-02-07
|
* harden private-home mounting, small improvementsLibravatar smitsohu2018-08-16
|
* fix NP derefLibravatar smitsohu2018-08-15
| | | | private-home and private-bin are included just for consistency
* move copyright statement to 2018Libravatar startx20172018-01-14
|
* redirect output messages to stderrLibravatar startx20172017-12-14
|
* trace install time for private directoriesLibravatar netblue302017-10-15
|
* enhanced globbing for --blacklistLibravatar startx20172017-10-13
|
* Remove trailing whitespace from src/Libravatar Fred Barclay2017-05-24
|
* redirect all warnings to fwarning function and control the output with --quietLibravatar startx20172017-04-13
|
* testingLibravatar netblue302017-03-24
|
* copyright 2017Libravatar netblue302017-02-11
|
* fix PulseAudio/machine-id problemLibravatar netblue302017-01-18
|
* Remove compiler warnings on Ubuntu 16.04Libravatar Peter Millerchip2016-12-18
|
* machine-id fixLibravatar netblue302016-12-14
|
* spoof machine-idLibravatar netblue302016-12-05
|
* private-opt and private-srvLibravatar netblue302016-11-29
|
* fcopy part 4Libravatar netblue302016-11-18
|
* fcopy part 3Libravatar netblue302016-11-17
|
* fcopy part 2Libravatar netblue302016-11-16
|
* major cleanup and testingLibravatar netblue302016-11-13
|
* testingLibravatar netblue302016-11-10
|
* execv fixesLibravatar netblue302016-11-04
|
* security: env variablesLibravatar netblue302016-11-03
|
* major cleanupLibravatar netblue302016-10-30
|
* replaced exit with _exit in forked childLibravatar netblue302016-10-19
|
* cleanupLibravatar netblue302016-10-09
|
* fix umask problemLibravatar Aleksey Manevich2016-08-29
|
* tighten securityLibravatar Aleksey Manevich2016-08-24
|
* --private-bin and --private-etc fixLibravatar netblue302016-08-08
|
* fix private-etc empty listLibravatar netblue302016-05-07
|
* fs_etc: continue to copy files if one fails.Libravatar Felipe Barriga Richards2016-03-20
|
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-09-06 19:16:22 +0000