Commit message | Author | Age | |
---|---|---|---|
* | fixed firecfg man page, update README | netblue30 | 2020-04-02 |
| | |||
* | whitelist globbing man page | netblue30 | 2020-04-01 |
| | |||
* | seccomp: allow defining separate filters for 32-bit arch | Topi Miettinen | 2020-03-28 |
| | System calls (names and numbers) are not exactly the same for 32 bit and 64 bit architectures. Let's allow defining separate filters for 32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This is useful for mixed 64/32 bit application environments like Steam and Wine. Implement protocol and mdwx filtering also for 32 bit arch. It's still better to block secondary archs completely if not needed. Lists of supported system calls are also updated. Warn if preload libraries would be needed due to trace, tracelog or postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic linker does not understand the 64 bit preload libraries. Closes #3267. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | new condition: HAS_NOSOUND | rusty-snake | 2020-03-15 |
| | |||
* | misc things | rusty-snake | 2020-02-22 |
| | - spelling suggestion from @glitsj16 on fda62527 - drop python2 from openshot it never has a python2 version - #3126 note in manpage: cannot combine --private with --private= | ||
* | Documentation for DHCP support | Kristóf Marussy | 2020-01-27 |
| | |||
* | Improve --version command example | glitsj16 | 2020-01-20 |
| | Fixes #3135. | ||
* | spelling fix | Reiner Herrmann | 2019-12-30 |
| | |||
* | Fix ordering of 'RESTRICTED SHELL' | glitsj16 | 2019-12-15 |
| | |||
* | add HAS_NET conditional | smitsohu | 2019-11-11 |
| | |||
* | add HAS_X11 conditional, disconnect session manager - #2205 | smitsohu | 2019-10-08 |
| | |||
* | alphabetize man page entries | smitsohu | 2019-10-04 |
| | |||
* | increase socket buffer size for firemon, bug #2700 | netblue30 | 2019-09-29 |
| | |||
* | Merge branch 'master' into fix-profile-builder | netblue30 | 2019-09-15 |
|\ | |||
| * | update seccomp in man firejail | rusty-snake | 2019-09-13 |
| | | |||
* | | Update man page to note that --trace can now take an optional parameter. | Glenn Washburn | 2019-08-29 |
|/ | |||
* | Merge pull request #2928 from topimiettinen/seccomp-more-groups | netblue30 | 2019-08-29 |
|\ | Add further seccomp groups | ||
| * | Add further seccomp groups | Topi Miettinen | 2019-08-28 |
| | | Get further seccomp group definitions from systemd. | ||
* | | Allow exceptions to seccomp lists | Topi Miettinen | 2019-08-25 |
|/ | Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366 | ||
* | various fixes and improvements | rusty-snake | 2019-08-22 |
| | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | ||
* | fix private-bin for tb-starter-wrapper #2863 | rusty-snake | 2019-08-19 |
| | |||
* | document profile support for allow-debuggers in firejail-profile man page (#2861) | Sebastian Hafner | 2019-07-17 |
| | |||
* | man fix (appimage, #2807) | netblue30 | 2019-07-04 |
| | |||
* | Fix typo in man firejail [--x11] (#2785) | glitsj16 | 2019-06-19 |
| | |||
* | template hint in CONTRIBUTING.md & firejail-profile manpage added + some profileprofile fixes | rusty-snake | 2019-06-04 |
| | |||
* | Grammar fix | Reiner Herrmann | 2019-05-29 |
| | (found by lintian) | ||
* | Merge pull request #2712 from apmorton/features/private-cwd | smitsohu | 2019-05-24 |
|\ | Add private-cwd option to control working directory within jail | ||
| * | Add private-cwd option to control working directory within jail | Austin Morton | 2019-05-23 |
| | | |||
* | | Add deterministic-exit-code option to ensure firejail exits with the first child's exit code regardless of the termination ordering of orphaned children | Austin Morton | 2019-05-20 |
|/ | |||
* | man pages: add FIREJAIL_QUIET | smitsohu | 2019-05-18 |
| | |||
* | dbus: make --nodbus block also system D-Bus socket | Topi Miettinen | 2019-05-15 |
| | Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | update man pages (private-dev, noexec) | smitsohu | 2019-05-04 |
| | |||
* | Add a conditional to control DRM/noexec exception for browsers | Tad | 2019-04-13 |
| | |||
* | Fixes for man firejail (#2628) | glitsj16 | 2019-03-29 |
| | |||
* | Follow-up on flatpak/snap support (#2601) | glitsj16 | 2019-03-16 |
| | * Remove obsolete snap support from disable-programs.inc * Remove obsolete snap support from pycharm-community.profile * Update RELNOTES to reflect non-existing/dropped flatpak/snap support * Update firejail.txt to reflect flatpak/snap packages are not supported | ||
* | Update firejail.txt (#2585) | glitsj16 | 2019-03-13 |
| | |||
* | mdwx: block memfd_create | Topi Miettinen | 2019-03-05 |
| | Some profiles may need adjusting if app uses memfd_create(2) and memory-deny-write-execute was enabled. | ||
* | Sort items alphabetically in man firejail (#2479) | glitsj16 | 2019-02-26 |
| | |||
* | documentation update | smitsohu | 2019-02-23 |
| | |||
* | Add machine-id note to man firejail (#2442) | glitsj16 | 2019-02-21 |
| | |||
* | Stress apparmor local overrides | glitsj16 | 2019-02-05 |
| | As per discussion on https://github.com/netblue30/firejail/pull/2390, we better use slightly stronger/less optional wording when it comes to where local apparmor overrides need to be done. | ||
* | --name rework | netblue30 | 2019-02-01 |
| | |||
* | removed mincore syscall from default seccomp filter | netblue30 | 2019-01-23 |
| | |||
* | adding mincore syscall to the default seccomp filter and some independent profiles | netblue30 | 2019-01-14 |
| | |||
* | Merge pull request #2297 from smitsohu/patch | startx2017 | 2018-12-17 |
|\ | enforce nonewprivs instead of seccomp for chroot sandboxes | ||
| * | enforce nonewprivs instead of seccomp for chroot sandboxes | smitsohu | 2018-12-15 |
| | | currently users are able to specify a seccomp filter of their choosing, leaving the real defense to nonewprivs anyway. | ||
* | | fix netstats typo in man firejail | glitsj16 | 2018-12-16 |
|/ | |||
* | add HAS_NODBUS conditional, ${RUNUSER} macro | smitsohu | 2018-12-07 |
| | |||
* | Merge pull request #2276 from smitsohu/tmpfs | netblue30 | 2018-11-28 |
|\ | refactor private-cache and tmpfs | ||
| * | refactor private-cache and tmpfs | smitsohu | 2018-11-26 |
| | | has the immediate benefit that the result of combining --noexec and --tmpfs does not depend on the sequence of the options |