Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Man pages: were missing info about .profile .local resolution (#3440) | OndrejMalek | 2020-06-04 |
| | | | | | | | | | * Man pages: link to .profile resolution, urls * Man pages: firejail-profile add link to wiki profile creation * Man pages: line break, slash in path * Man pages remove space before dots | ||
* | man: minor clarifications to man pages (#3445) | Jeff Squyres | 2020-06-04 |
| | | | | | | | | Add verbiage to the man pages clarifying that the files/directories in the lists given to options such as --private-bin must be relative to the directory that is being limited (e.g., --private-opt requires a list of files/directories that are relative to /opt). Signed-off-by: Jeff Squyres <jeff@squyres.com> | ||
* | Documentation for new DBus options | Kristóf Marussy | 2020-05-07 |
| | |||
* | suport mkdir and mkfile for /run/user/<PID> directory (#3346) | netblue30 | 2020-04-13 |
| | |||
* | Clarify that file globbing occurs only at start | Antonio Russo | 2020-04-11 |
| | | | | | | firejail can blacklist (and now also whitelist) files based on glob pattern. This pattern is evaluated at firejail start, and not updated at run time. This patch documents this behavior. | ||
* | fix example in firejail-profile.txt | glitsj16 | 2020-04-08 |
| | |||
* | add example for overriding individiual DBus filter to firejail-profile.txt | glitsj16 | 2020-04-08 |
| | | | See discussion in https://github.com/netblue30/firejail/pull/3326. | ||
* | fix typo in firejail-profile.txt | glitsj16 | 2020-04-07 |
| | |||
* | Deprecate --nodbus option | Kristóf Marussy | 2020-04-07 |
| | |||
* | Add documentation for DBus filtering | Kristóf Marussy | 2020-04-06 |
| | |||
* | Allow changing error action in seccomp filters | Topi Miettinen | 2020-04-06 |
| | | | | | | | | | | | | | | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can be also overridden /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call. | ||
* | seccomp: allow defining separate filters for 32-bit arch | Topi Miettinen | 2020-03-28 |
| | | | | | | | | | | | | | | | | | | | | | System calls (names and numbers) are not exactly the same for 32 bit and 64 bit architectures. Let's allow defining separate filters for 32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This is useful for mixed 64/32 bit application environments like Steam and Wine. Implement protocol and mdwx filtering also for 32 bit arch. It's still better to block secondary archs completely if not needed. Lists of supported system calls are also updated. Warn if preload libraries would be needed due to trace, tracelog or postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic linker does not understand the 64 bit preload libraries. Closes #3267. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | new condition: HAS_NOSOUND | rusty-snake | 2020-03-15 |
| | |||
* | Documentation for DHCP support | Kristóf Marussy | 2020-01-27 |
| | |||
* | add HAS_NET conditional | smitsohu | 2019-11-11 |
| | |||
* | add HAS_X11 conditional, disconnect session manager - #2205 | smitsohu | 2019-10-08 |
| | |||
* | alphabetize man page entries | smitsohu | 2019-10-04 |
| | |||
* | various fixes and improvements | rusty-snake | 2019-08-22 |
| | | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | ||
* | document profile support for allow-debuggers in firejail-profile man page ↵ | Sebastian Hafner | 2019-07-17 |
| | | | | (#2861) | ||
* | template hint in CONTRIBUTING.md & firejail-prof… | rusty-snake | 2019-06-04 |
| | | | | | …ile manpage added + some profileprofile fixes | ||
* | Grammar fix | Reiner Herrmann | 2019-05-29 |
| | | | | (found by lintian) | ||
* | Merge pull request #2712 from apmorton/features/private-cwd | smitsohu | 2019-05-24 |
|\ | | | | | Add private-cwd option to control working directory within jail | ||
| * | Add private-cwd option to control working directory within jail | Austin Morton | 2019-05-23 |
| | | |||
* | | Add deterministic-exit-code option to ensure firejail exits with the first ↵ | Austin Morton | 2019-05-20 |
|/ | | | | childs exit code regardless of the termination ordering of orphaned children | ||
* | update man pages (private-dev, noexec) | smitsohu | 2019-05-04 |
| | |||
* | Add a conditional to control DRM/noexec exception for browsers | Tad | 2019-04-13 |
| | |||
* | add HAS_NODBUS conditional, ${RUNUSER} makro | smitsohu | 2018-12-07 |
| | |||
* | Misc. typos | luz.paz | 2018-11-19 |
| | | | Found using `codespell -q 3 -L shotcut,objext,als,ans,creat,varius,chage,tthe` | ||
* | Add new config option to disable U2F in browsers, enabled by default | Tad | 2018-11-05 |
| | |||
* | Fix doc: A more accurate example of profile loading by profile name. | Glenn Washburn | 2018-10-17 |
| | |||
* | Update profile manpage to detail added "include" functionality. | Glenn Washburn | 2018-10-17 |
| | |||
* | Update documentation for profile conditionals. | Glenn Washburn | 2018-10-16 |
| | |||
* | Update man pages and usage to reflect --profile enhancement. | Glenn Washburn | 2018-10-15 |
| | |||
* | --ignore cleanup | startx2017 | 2018-08-04 |
| | |||
* | tunneling support - tap interface in --net option | netblue30 | 2018-07-11 |
| | |||
* | Add documentation for keep-dev-shm option | ಚಿರಾಗ್ ನಟರಾಜ್ | 2018-07-09 |
| | |||
* | --netmask option | netblue30 | 2018-07-06 |
| | |||
* | Merges + misc fixes | Tad | 2018-07-04 |
| | | | | | | | | - Change some links in README to HTTPS - Fixup some typos in firejail-profile manpage - Cleanup dash from private-etc - Fixup gradio - Synchronize server profile with default profile | ||
* | Revert "mounting a tmpfs on ~/.cache directory (private-cache) by default" | Tad | 2018-06-14 |
| | | | | This reverts commit caa7ad8714206a158123773ddcaca6ef219a5501. | ||
* | Change --nousb to --nou2f per suggestion on last commit. | Chiraag Nataraj | 2018-06-12 |
| | |||
* | Add --nousb option | Chiraag Nataraj | 2018-06-12 |
| | |||
* | mounting a tmpfs on ~/.cache directory (private-cache) by default | netblue30 | 2018-06-12 |
| | |||
* | update man page (private-cache) | smitsohu | 2018-06-12 |
| | |||
* | merges0.9.54-rc2 | netblue30 | 2018-05-12 |
| | |||
* | Moved documentation to conform with alphabetical ordering | Chiraag Nataraj | 2018-05-03 |
| | |||
* | Add --keep-var-tmp and associated profile option | Chiraag Nataraj | 2018-05-01 |
| | |||
* | docs and comment updates | smitsohu | 2018-04-20 |
| | | | | adds sorting to syscall list in firejail man page | ||
* | firejail user access database | netblue30 | 2018-04-08 |
| | |||
* | add --noautopulse arg for complex pulse setups | Melvin Vermeeren | 2018-04-01 |
| | | | | such as remote pulse servers or non-standard socket paths | ||
* | modif: --profile-path was deprecated | netblue30 | 2017-10-27 |
| |