Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Fix doc: A more accurate example of profile loading by profile name. | 2018-10-17 | |
| | |||
* | Fix docs on default seccomp list: change mfsservctl -> nfsservctl and ↵ | 2018-10-17 | |
| | | | | reorder, add ni_syscall, remove duplicate process_vm_writev, add sys_debug_setcontext. | ||
* | Update profile manpage to detail added "include" functionality. | 2018-10-17 | |
| | |||
* | Allow include to search userdir then systemdir for "bare" profile file names. | 2018-10-17 | |
| | |||
* | Merge pull request #2158 from crass/profile_conditional | 2018-10-17 | |
|\ | | | | | #2158: Add support for rudimentary conditionals in profiles | ||
| * | Update documentation for profile conditionals. | 2018-10-16 | |
| | | |||
| * | Add support for rudimentary conditionals in profiles, currently only the ↵ | 2018-10-16 | |
| | | | | | | | | HAS_APPIMAGE conditional is supported. | ||
* | | manpages: update disable-mnt description | 2018-10-16 | |
|/ | | | This will better match current code. | ||
* | Update man pages and usage to reflect --profile enhancement. | 2018-10-15 | |
| | |||
* | Allow specifying a profile "name" with the profile option (eg. ↵ | 2018-10-15 | |
| | | | | --profile=firefox). | ||
* | rename expand_home -> expand_macros to better reflect usage and remove ↵ | 2018-10-15 | |
| | | | | unneeded homedir argument. | ||
* | tentative fix: automatically mount libdir in chroot - #2176 | 2018-10-15 | |
| | |||
* | Merge pull request #2192 from crass/fix-ld.so.preload-path | 2018-10-14 | |
|\ | | | | | The path in ld.so.preload should point to RUN_FIREJAIL_LIB_DIR, as LIBDIR may not exist. | ||
| * | The path in ld.so.preload should point to RUN_FIREJAIL_LIB_DIR, as LIBDIR ↵ | 2018-10-13 | |
| | | | | | | | | may not exist. | ||
* | | Make --join return exit code of the invoked program | 2018-10-14 | |
| | | |||
* | | Merge branch 'master' of https://github.com/netblue30/firejail | 2018-10-13 | |
|\| | |||
| * | bringing in the fix for always have helpers in sandbox (original pull rq ↵ | 2018-10-13 | |
| | | | | | | | | from crass) | ||
| * | private-lib fix | 2018-10-13 | |
| | | |||
| * | Revert "Fix issue #2148: Make sure firejail can find helper programs in ↵ | 2018-10-13 | |
| | | | | | | | | | | | | | | | | | | sandbox regardless of options." This reverts commit 4017e8a1359208e149b2eac10900987acd4a6f9e. I am running into some problems with the initial unshare/mount in main.c. I'll bring in the files one by one. | ||
| * | Merge pull request #2185 from glitsj16/masterpdfeditor | 2018-10-13 | |
| |\ | | | | | | | New profile masterpdfeditor | ||
| | * | Add masterpdfeditor to firecfg | 2018-10-13 | |
| | | | |||
| * | | Fix issue #2148: Make sure firejail can find helper programs in sandbox ↵ | 2018-10-13 | |
| |/ | | | | | | | regardless of options. | ||
| * | Merge pull request #2183 from glitsj16/nitroshare | 2018-10-13 | |
| |\ | | | | | | | New profile nitroshare | ||
| | * | Add nitroshare to firecfg | 2018-10-13 | |
| | | | |||
| * | | Add artha to firecfg | 2018-10-13 | |
| |/ | |||
* / | improve clean_pathname() function: drop realloc | 2018-10-13 | |
|/ | | | | | | | rf. previous commit a5b7a9a8bec6a7f2162850449b1ff29c1fde2826 freeing what is expected to be a single byte only is most probably not worth the effort | ||
* | fs_whitelist: no warning if macro resolution fails because of missing homedir | 2018-10-12 | |
| | |||
* | clean homedir pathname | 2018-10-12 | |
| | | | | fixes #2137 and similar issues with the /proc/self/mountinfo checks | ||
* | Minor fixes | 2018-10-11 | |
| | |||
* | Merge pull request #2172 from glitsj16/min | 2018-10-11 | |
|\ | | | | | New profile min | ||
| * | Update for min | 2018-10-11 | |
| | | |||
* | | Merge pull request #2171 from glitsj16/desktop | 2018-10-11 | |
|\ \ | | | | | | | New profile desktop (a.k.a. github-desktop) | ||
| * | | Update for desktop (a.k.a. github-desktop) | 2018-10-11 | |
| |/ | |||
* | | Merge pull request #2170 from glitsj16/easystroke | 2018-10-11 | |
|\ \ | | | | | | | New profile easystroke | ||
| * | | Update for easystroke | 2018-10-11 | |
| |/ | |||
* | | Merge pull request #2165 from glitsj16/authenticator | 2018-10-11 | |
|\ \ | | | | | | | Authenticator | ||
| * | | Update for authenticator | 2018-10-11 | |
| |/ | |||
* | | Merge pull request #2162 from glitsj16/QMediathekView | 2018-10-11 | |
|\ \ | | | | | | | new profile QMediathekView | ||
| * | | Update firecfg.config | 2018-10-11 | |
| |/ | |||
* / | allow overriding of disable-mnt with noblacklist - #2154 | 2018-10-11 | |
|/ | |||
* | clean /run/user directory | 2018-10-07 | |
| | |||
* | Merge pull request #2141 from crass/fix-appimage-hdr-calc | 2018-10-06 | |
|\ | | | | | Update appimage size calculation to newest code from libappimage. | ||
| * | Update appimage size calculation to newest code from libappimage. | 2018-10-05 | |
| | | |||
* | | Merge pull request #2138 from crass/fix-fj-proc-detect | 2018-10-06 | |
|\ \ | | | | | | | Fix incorrect --list and --tree output under certain circumstances | ||
| * | | Firejail should look for processes with names exactly named "firejail" to ↵ | 2018-10-05 | |
| |/ | | | | | | | avoid accounting for processes with a "firejail" prefix. | ||
* | | Merge pull request #2130 from crass/fix-2045 | 2018-10-04 | |
|\ \ | | | | | | | FIX-2045: Fix command name parsing for program paths with spaces. | ||
| * | | Fix command name parsing so that program paths with spaces do not cause the ↵ | 2018-10-01 | |
| |/ | | | | | | | wrong or no profile to be detected. | ||
* / | incomplete fix: whitelisting of symlinks to other home dirs | 2018-10-02 | |
|/ | | | | | | | | | belongs to previous commit 51eeef2059f00de117472046601e10a9fd958d51 short summary of the new behavior, which should catch a few corner cases better: - a non-existant file in another homedir (say homedirs are "/foo/user" and "/foo/user2") is silently ignored (previously a tmpfs was mounted on the users homedir, which was wrong) - a symlink pointing to an existing file in another homedir now works (but the link will be always dangling; you need --allusers to see this) - a symlink pointing back to the entire homedir now works as expected | ||
* | mount empty home if macro can't be whitelisted | 2018-10-01 | |
| | |||
* | fs_whitelist: reduce number of loop iterations | 2018-10-01 | |
| |