aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAge
* cleanupLibravatar netblue302017-08-27
|
* --private-bin: restrict full paths to the directories in the listLibravatar netblue302017-08-27
|
* Allow private-bin parameters to be an absolute pathLibravatar LaurentGH2017-08-24
| | | With Ubuntu 16.04, /usr/bin/which is a symlink to /bin/which. So, using "private-bin which" finds "which" in /usr/bin and adds the symlink to "which" in /bin mapped directory. The /bin directory thus contains a symlink named "which" pointing to "/bin/which" (itself). This creates a symlink loop, and does not work. In order to solve this, the full path can now be used, such as "private-bin /bin/which".
* fix compiling when seccomp is disabledLibravatar Reiner Herrmann2017-08-23
|
* man pageLibravatar netblue302017-08-23
|
* enforce seccompLibravatar netblue302017-08-23
|
* fix seccomp.keep for #1490Libravatar netblue302017-08-23
|
* Merge pull request #1488 from SpotComms/mfLibravatar netblue302017-08-23
|\ | | | | Various changes
| * Add a profile for NeverballLibravatar Tad2017-08-22
| |
* | cleanupLibravatar netblue302017-08-23
| |
* | seccomp: fix errnoLibravatar netblue302017-08-22
|/
* compile fixesLibravatar netblue302017-08-21
|
* enhancement: print all seccomp filters under --debugLibravatar netblue302017-08-20
|
* Feature: switch/config option to block secondary architecturesLibravatar Topi Miettinen2017-08-19
| | | | | | | | | Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479
* testingLibravatar netblue302017-08-19
|
* create /usr/local for firecfg if the directory doesn't existLibravatar netblue302017-08-19
|
* Postpone installation of seccomp filters just before execveLibravatar Topi Miettinen2017-08-19
|
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302017-08-18
|\
| * new MuseScore profile (#1477)Libravatar smitsohu2017-08-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * add musescore profile * blacklist musescore * add musescore * add musescore * add tuxguitar, musescore * add tuxguitar, musescore
* | seccomp testingLibravatar netblue302017-08-18
|/
* Minor manpage correctionLibravatar Reiner Herrmann2017-08-18
|
* memory-deny-write-execute testingLibravatar netblue302017-08-18
|
* private-libLibravatar netblue302017-08-17
|
* memory-deny-write-executeLibravatar netblue302017-08-17
|
* --net=none documentationLibravatar netblue302017-08-17
|
* fix x11 display reporting in firemon and firetools for sessions joining an ↵Libravatar netblue302017-08-15
| | | | existing x11 sandbox
* compile cleanupLibravatar startx20172017-08-15
|
* fix #1462Libravatar startx20172017-08-15
|
* update RELNOTES/Readme.md/--help; man page update for #1439Libravatar startx20172017-08-14
|
* Fix compile with older kernel headersLibravatar Topi Miettinen2017-08-13
|
* Fix copy-pasteLibravatar Topi Miettinen2017-08-13
|
* Allow any syscall to be blacklisted (#1447)Libravatar Topi Miettinen2017-08-13
| | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447
* modif: --output split in two commands, --output and --output-stderr; fix for ↵Libravatar netblue302017-08-13
| | | | #1458
* Merge branch 'master' of https://github.com/netblue30/firejailLibravatar netblue302017-08-12
|\
| * Enable system call groups with minus signLibravatar Topi Miettinen2017-08-12
| |
* | added --nodvdLibravatar netblue302017-08-12
|/
* private-dev enhancementsLibravatar netblue302017-08-11
|
* Add TuxGuitar profile (#1453)Libravatar smitsohu2017-08-10
| | | | | | | | | | | | | | | | | | | | * add tuxguitar profile tested for versions < 1.3 * blacklist tuxguitar * add tuxguitar * add tuxguitar * add support for tuxguitar > 1.2 higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes handy to block talk with internet and dbus. * unbreak tuxguitar Internet access versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used
* Enable syscall groups for non-internal useLibravatar Topi Miettinen2017-08-10
|
* typoLibravatar Reiner Herrmann2017-08-10
|
* Add a profile alias for Firefox NightlyLibravatar Tad2017-08-10
|
* --notv for #1446Libravatar startx20172017-08-10
|
* add /dev/dbv to private-dev listLibravatar startx20172017-08-09
|
* mergesLibravatar Fred-Barclay2017-08-07
|
* Seccomp: split @default into more meaningful smaller groupsLibravatar Topi Miettinen2017-08-06
|
* Seccomp: system call grouping and call numbersLibravatar Topi Miettinen2017-08-06
|
* private-lib fixesLibravatar netblue302017-08-06
|
* private-lib: fix crashLibravatar netblue302017-08-06
|
* prive-lib: integration with firetoolsLibravatar netblue302017-08-06
|
* bring in private-lib libraries for all private-bin programs. ↵Libravatar startx20172017-08-06
| | | | Example:firejail --private-lib --private-bin=bash,ls,find,pwd,grep
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-10 21:38:26 +0000