Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix #3782 -- Man pages have #ifdefs in them | rusty-snake | 2020-12-01 |
| | |||
* | document protocol=bluetooth | rusty-snake | 2020-11-16 |
| | |||
* | fix manpage wanings (#3563) | netblue30 | 2020-10-19 |
| | |||
* | man: call preproc.awk via Makefile, as the shebang hardcodes the path | Reiner Herrmann | 2020-10-10 |
| | |||
* | Fix spelling | Reiner Herrmann | 2020-10-05 |
| | |||
* | move to addgroup --system (#3632) | netblue30 | 2020-10-03 |
| | |||
* | document private-bin and private-lib disabled by default when running ↵ | netblue30 | 2020-10-01 |
| | | | | appimages (#3530) | ||
* | replaced --nowrap with --wrap in firemon (#2992) | netblue30 | 2020-10-01 |
| | |||
* | fix shell=none for --audit (#3116) | netblue30 | 2020-10-01 |
| | |||
* | manpages: file transfer | startx2017 | 2020-09-30 |
| | |||
* | manpages: network configuration | startx2017 | 2020-09-30 |
| | |||
* | manpages: configuration for dbus | startx2017 | 2020-09-30 |
| | |||
* | manpages: configuration for user namespace, x11 | startx2017 | 2020-09-03 |
| | |||
* | manpages: configuration for tunnel, chroot, private-home | startx2017 | 2020-09-03 |
| | |||
* | various | rusty-snake | 2020-09-03 |
| | | | | | | | | | | | | * README.md & RELNOTES * Allow gnome-build do read and write .bash_history, it has a build-in terminal * D-Bus filter for gnome-passwordsafe * wruc for supertuxkart * wruc+wusc for totem * dbus-system none for totem * remove src/man/preproc.c it is replaced by preproc.awk * remove dead-code form preproc.awk | ||
* | bringing in awk preprocessor from rusty-snake | netblue30 | 2020-09-02 |
| | |||
* | manpage: remove overlayfs from non-overlayfs builds | startx2017 | 2020-09-02 |
| | |||
* | manpage: remove apparmor from non-apparor builds | startx2017 | 2020-09-02 |
| | |||
* | preprocessor for man pages | startx2017 | 2020-09-01 |
| | |||
* | harden cat option | smitsohu | 2020-08-20 |
| | |||
* | Merge branch 'master' into ls | smitsohu | 2020-08-19 |
|\ | |||
| * | seccomp: logging | Topi Miettinen | 2020-08-05 |
| | | | | | | | | | | | | | | Allow `log` as an alternative seccomp error action instead of killing or returning an errno code. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | | cat option | smitsohu | 2020-08-19 |
|/ | |||
* | Man pages: were missing info about .profile .local resolution (#3440) | OndrejMalek | 2020-06-04 |
| | | | | | | | | | * Man pages: link to .profile resolution, urls * Man pages: firejail-profile add link to wiki profile creation * Man pages: line break, slash in path * Man pages remove space before dots | ||
* | man: minor clarifications to man pages (#3445) | Jeff Squyres | 2020-06-04 |
| | | | | | | | | Add verbiage to the man pages clarifying that the files/directories in the lists given to options such as --private-bin must be relative to the directory that is being limited (e.g., --private-opt requires a list of files/directories that are relative to /opt). Signed-off-by: Jeff Squyres <jeff@squyres.com> | ||
* | Documentation for new DBus options | Kristóf Marussy | 2020-05-07 |
| | |||
* | suport mkdir and mkfile for /run/user/<PID> directory (#3346) | netblue30 | 2020-04-13 |
| | |||
* | Clarify that file globbing occurs only at start | Antonio Russo | 2020-04-11 |
| | | | | | | firejail can blacklist (and now also whitelist) files based on glob pattern. This pattern is evaluated at firejail start, and not updated at run time. This patch documents this behavior. | ||
* | fix example in firejail-profile.txt | glitsj16 | 2020-04-08 |
| | |||
* | add example for overriding individiual DBus filter to firejail-profile.txt | glitsj16 | 2020-04-08 |
| | | | See discussion in https://github.com/netblue30/firejail/pull/3326. | ||
* | fix typo in firejail-profile.txt | glitsj16 | 2020-04-07 |
| | |||
* | Deprecate --nodbus option | Kristóf Marussy | 2020-04-07 |
| | |||
* | Add documentation for DBus filtering | Kristóf Marussy | 2020-04-06 |
| | |||
* | Allow changing error action in seccomp filters | Topi Miettinen | 2020-04-06 |
| | | | | | | | | | | | | | | Let user specify the action when seccomp filters trigger: - errno name like EPERM (default) or ENOSYS: return errno and let the process continue. - 'kill': kill the process as previous versions The default action is EPERM, but killing can still be specified with syscall:kill syntax or globally with seccomp-error-action=kill. The action can be also overridden /etc/firejail/firejail.config file. Not killing the process weakens Firejail slightly when trying to contain intrusion, but it may also allow tighter filters if the only alternative is to allow a system call. | ||
* | fixed firecfg man page, update README | netblue30 | 2020-04-02 |
| | |||
* | whitelist globing man page | netblue30 | 2020-04-01 |
| | |||
* | seccomp: allow defining separate filters for 32-bit arch | Topi Miettinen | 2020-03-28 |
| | | | | | | | | | | | | | | | | | | | | | System calls (names and numbers) are not exactly the same for 32 bit and 64 bit architectures. Let's allow defining separate filters for 32-bit arch using seccomp.32, seccomp.32.drop, seccomp.32.keep. This is useful for mixed 64/32 bit application environments like Steam and Wine. Implement protocol and mdwx filtering also for 32 bit arch. It's still better to block secondary archs completely if not needed. Lists of supported system calls are also updated. Warn if preload libraries would be needed due to trace, tracelog or postexecseccomp (seccomp.drop=execve etc), because a 32-bit dynamic linker does not understand the 64 bit preload libraries. Closes #3267. Signed-off-by: Topi Miettinen <toiwoton@gmail.com> | ||
* | new condition: HAS_NOSOUND | rusty-snake | 2020-03-15 |
| | |||
* | misc things | rusty-snake | 2020-02-22 |
| | | | | | | - spelling suggestion from @glitsj16 on fda62527 - drop python2 from openshot it never has a python2 version - #3126 note in manpage: cannot combine --private with --private= | ||
* | Documentation for DHCP support | Kristóf Marussy | 2020-01-27 |
| | |||
* | Improve --version command example | glitsj16 | 2020-01-20 |
| | | | Fixes #3135. | ||
* | spelling fix | Reiner Herrmann | 2019-12-30 |
| | |||
* | Fix ordering of 'RESTRICTED SHELL' | glitsj16 | 2019-12-15 |
| | |||
* | add HAS_NET conditional | smitsohu | 2019-11-11 |
| | |||
* | add HAS_X11 conditional, disconnect session manager - #2205 | smitsohu | 2019-10-08 |
| | |||
* | alphabetize man page entries | smitsohu | 2019-10-04 |
| | |||
* | increase socket buffer size for firemon, bug #2700 | netblue30 | 2019-09-29 |
| | |||
* | Merge branch 'master' into fix-profile-builder | netblue30 | 2019-09-15 |
|\ | |||
| * | update seccomp in man firejail | rusty-snake | 2019-09-13 |
| | | |||
* | | Update man page to note that --trace can now take an optional parameter. | Glenn Washburn | 2019-08-29 |
|/ |