Commit message | Author | Age | |
---|---|---|---|
* | pidstr needs 11 bytes (10 + NULL) | Reiner Herrmann | 2017-08-29 |
| | also use %d because index is signed int. Found by compiler: netstats.c:165:23: warning: ‘__builtin___snprintf_chk’ output may be truncated before the last format character [-Wformat-truncation=] snprintf(pidstr, 10, "%u", index); ^~~~ In file included from /usr/include/stdio.h:938:0, from firemon.h:24, from netstats.c:20: /usr/include/x86_64-linux-gnu/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 2 and 11 bytes into a destination of size 10 | ||
* | Fix pointer dereference | Reiner Herrmann | 2017-08-29 |
| | Found by compiler: fs_bin.c:108:14: warning: comparison between pointer and zero character constant [-Wpointer-compare] if (++fname == '\0') ^~ | ||
* | cleanup | netblue30 | 2017-08-27 |
| | |||
* | --private-bin: restrict full paths to the directories in the list | netblue30 | 2017-08-27 |
| | |||
* | Allow private-bin parameters to be an absolute path | LaurentGH | 2017-08-24 |
| | With Ubuntu 16.04, /usr/bin/which is a symlink to /bin/which. So, using "private-bin which" finds "which" in /usr/bin and adds the symlink to "which" in /bin mapped directory. The /bin directory thus contains a symlink named "which" pointing to "/bin/which" (itself). This creates a symlink loop, and does not work. In order to solve this, the full path can now be used, such as "private-bin /bin/which". | ||
* | fix compiling when seccomp is disabled | Reiner Herrmann | 2017-08-23 |
| | |||
* | man page | netblue30 | 2017-08-23 |
| | |||
* | enforce seccomp | netblue30 | 2017-08-23 |
| | |||
* | fix seccomp.keep for #1490 | netblue30 | 2017-08-23 |
| | |||
* | Merge pull request #1488 from SpotComms/mf | netblue30 | 2017-08-23 |
|\ | Various changes | ||
| * | Add a profile for Neverball | Tad | 2017-08-22 |
| | | |||
* | | cleanup | netblue30 | 2017-08-23 |
| | | |||
* | | seccomp: fix errno | netblue30 | 2017-08-22 |
|/ | |||
* | compile fixes | netblue30 | 2017-08-21 |
| | |||
* | enhancement: print all seccomp filters under --debug | netblue30 | 2017-08-20 |
| | |||
* | Feature: switch/config option to block secondary architectures | Topi Miettinen | 2017-08-19 |
| | Add a feature for a new (opt-in) command line switch and config file option to block secondary architectures entirely. Also block changing Linux execution domain with personality() system call for the primary architecture. Closes #1479 | ||
* | testing | netblue30 | 2017-08-19 |
| | |||
* | create /usr/local for firecfg if the directory doesn't exist | netblue30 | 2017-08-19 |
| | |||
* | Postpone installation of seccomp filters just before execve | Topi Miettinen | 2017-08-19 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-18 |
|\ | |||
| * | new MuseScore profile (#1477) | smitsohu | 2017-08-18 |
| | | * add musescore profile * blacklist musescore * add musescore * add musescore * add tuxguitar, musescore * add tuxguitar, musescore | ||
* | | seccomp testing | netblue30 | 2017-08-18 |
|/ | |||
* | Minor manpage correction | Reiner Herrmann | 2017-08-18 |
| | |||
* | memory-deny-write-execute testing | netblue30 | 2017-08-18 |
| | |||
* | private-lib | netblue30 | 2017-08-17 |
| | |||
* | memory-deny-write-execute | netblue30 | 2017-08-17 |
| | |||
* | --net=none documentation | netblue30 | 2017-08-17 |
| | |||
* | fix x11 display reporting in firemon and firetools for sessions joining an existing x11 sandbox | netblue30 | 2017-08-15 |
| | |||
* | compile cleanup | startx2017 | 2017-08-15 |
| | |||
* | fix #1462 | startx2017 | 2017-08-15 |
| | |||
* | update RELNOTES/Readme.md/--help; man page update for #1439 | startx2017 | 2017-08-14 |
| | |||
* | Fix compile with older kernel headers | Topi Miettinen | 2017-08-13 |
| | |||
* | Fix copy-paste | Topi Miettinen | 2017-08-13 |
| | |||
* | Allow any syscall to be blacklisted (#1447) | Topi Miettinen | 2017-08-13 |
| | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | ||
* | modif: --output split in two commands, --output and --output-stderr; fix for #1458 | netblue30 | 2017-08-13 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-12 |
|\ | |||
| * | Enable system call groups with minus sign | Topi Miettinen | 2017-08-12 |
| | | |||
* | | added --nodvd | netblue30 | 2017-08-12 |
|/ | |||
* | private-dev enhancements | netblue30 | 2017-08-11 |
| | |||
* | Add TuxGuitar profile (#1453) | smitsohu | 2017-08-10 |
| | * add tuxguitar profile tested for versions < 1.3 * blacklist tuxguitar * add tuxguitar * add tuxguitar * add support for tuxguitar > 1.2 higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes handy to block talk with internet and dbus. * unbreak tuxguitar Internet access versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used | ||
* | Enable syscall groups for non-internal use | Topi Miettinen | 2017-08-10 |
| | |||
* | typo | Reiner Herrmann | 2017-08-10 |
| | |||
* | Add a profile alias for Firefox Nightly | Tad | 2017-08-10 |
| | |||
* | --notv for #1446 | startx2017 | 2017-08-10 |
| | |||
* | add /dev/dbv to private-dev list | startx2017 | 2017-08-09 |
| | |||
* | merges | Fred-Barclay | 2017-08-07 |
| | |||
* | Seccomp: split @default into more meaningful smaller groups | Topi Miettinen | 2017-08-06 |
| | |||
* | Seccomp: system call grouping and call numbers | Topi Miettinen | 2017-08-06 |
| | |||
* | private-lib fixes | netblue30 | 2017-08-06 |
| | |||
* | private-lib: fix crash | netblue30 | 2017-08-06 |
| |