| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|
|
|
| |
at compile time.
|
| |
|
| |
|
|
|
|
|
|
| |
As hinted by @rusty-snake[1].
[1] https://github.com/netblue30/firejail/discussions/5064#discussioncomment-2417395
|
|\
| |
| | |
docs: mention inconsistent homedir bug involving --private=dir
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
And the workaround suggested by @smitsohu[1] and @rusty-snake[2].
Relates to #903 #5048.
[1] https://github.com/netblue30/firejail/issues/903#issuecomment-946673346
[2] https://github.com/netblue30/firejail/discussions/5048#discussioncomment-2360034
|
|\ \
| |/
|/| |
man: mention that the protocol command accumulates
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As mentioned by @rusty-snake[1].
This amends commit 39654d016 ("adding netlink to --protocol list
(#4605)", 2022-01-21).
See also commit 75073e0e4 ("man: mention that private-bin and
private-etc are cumulative", 2022-01-22) and issue #4078.
[1] https://github.com/netblue30/firejail/pull/5042/files#r825477891
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
there are two build options, should clean up both
follow-up to commit a6283fd7873a4f1dffb0730a968406d52545c73a
|
|\ |
|
| | |
|
|/ |
|
|
|
|
|
|
| |
This amends commit ac6c8c038 ("fix #4078", 2022-01-21).
Fixes #4078.
|
| |
|
| |
|
| |
|
|\
| |
| | |
noprinters: add missing items & add to profile.template
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
See CONTRIBUTING.md.
The changes are based on what was done on commit 5a612029b ("rename
noautopulse to keep-config-pulse", 2021-05-13) / PR #4278.
This amends commit bd15e763e ("--noprinter option", 2021-10-20) and
commit d9403dcdc ("small fix", 2021-10-20).
Relates to #4607.
|
|/ |
|
| |
|
|
|
|
| |
Signed-off-by: Tad <tad@spotco.us>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Adds minimal cgroupv2 support, and fixes
an effective user id assertion in --join
(instead of asserting effective user id
of the user, drop privileges completely
in a child process).
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit a11707ea273e5665047f8a7d9387ba07f08d72f6.
The man pages currently direct users to use the aliases instead of the
commands, which some users of firejail-git may end up doing. Example:
https://github.com/netblue30/firejail/discussions/4496
So revert the man page changes as well to avoid confusion.
Note: This is not a full revert. The commit in question also contains
some string formatting fixes on src/firejail/usage.c (related to dbus
and netmask), which are left intact.
Relates to #4410.
|
| |
|
|\
| |
| | |
augment seccomp lists in firejail.config
|
| |
| |
| |
| |
| |
| |
| |
| | |
* move everything related to modification
of the default seccomp filter from --seccomp
to --seccomp= entry
* update errno descriptions
|
| | |
|
|\ \ |
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* downgrade error to warning,
smiliar to read-write option;
this simplifies use of tmpfs
option in general purpose
profiles, for example we
don't need to worry about links
people put in their homedir
* update manpage
|
| | |
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
| |
this commit add support to size parsing for k,m,g suffix for numbers and
applies this support to rlimit-as and rlimit-fsize arguments in both for
commandline and profile parsing.
supported suffix:
- k for kilobytes
- m for megabytes
- g for gigabytes
( these values uses 1024 bases instead of 1000 )
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
* add the keep-config-pulse option
* make noautopulse an alias for keep-config-pulse
* deprecate the noautopulse option
* misc: fix indentation of --keep-dev-shm on src/firejail/usage.c
Even though noautopulse is not intended for hardening, it looks like it
is, because it starts with "no", just like no3d, noroot, etc). In fact,
it is the only "no" option that differs in such a way.
And it has been accidentally misused as such before; see PR #4269 and
commit e4beaeaa8 ("drop noautopulse from agetpkg").
So effectively rename it to keep-config-pulse in order to avoid
confusion. This is similar to the keep-var-tmp and keep-dev-shm
options, which are used to "leave a path alone", just like noautopulse.
Note: The changes on this patch are based on the ones from commit
617ff40c9 ("add --noautopulse arg for complex pulse setups") / PR #1854.
See #4269 for the discussion.
|
|
|
|
| |
Subdirs for private-etc has been implemented since 6ebe8925.
|
|\
| |
| |
| |
| | |
davidebeatrici/private-dev-input-support-and-noinput-option
Map /dev/input with "--private-dev", add "--no-input" option to disable it
|