path: root/src
Commit message (Author, Age)
* compile fix (netblue30, 2022-01-18)
|
* nettrace fixes (netblue30, 2022-01-18)
|
* following up 493a0ef306a8b610f3ed6a1b88a4dbea25e8498b (smitsohu, 2022-01-18)
|
* keep-fd cleanup (smitsohu, 2022-01-17)
|
* some hardening (smitsohu, 2022-01-17)
|
* gcov (smitsohu, 2022-01-17)
|
* more compile warnings (netblue30, 2022-01-16)
|
* compile warnings (netblue30, 2022-01-16)
|
* disable pipewire with --nosound (netblue, 2022-01-16)
|
* compile warnings (netblue30, 2022-01-16)
|
* more on nettrace (netblue30, 2022-01-16)
|
* Merge pull request #4856 from smitsohu/fildes (netblue30, 2022-01-16)
|\
| |   keep-fd option (#4845)
| |
| * keep-fd option (#4845) (smitsohu, 2022-01-14)
| |
* | Merge pull request #4851 from kmk3/groups-keep-vglusers (netblue30, 2022-01-16)
|\ \
| | |   Keep vglusers group unless no3d is used (virtualgl)
| | |
| * | Keep vglusers group unless no3d is used (virtualgl) (Kelvin M. Klann, 2022-01-12)
| |/
| |   virtualgl[1] runs `chown root:vglusers` on `/dev/nvidia*` and on devices usually owned by the "render" group[2]. This makes them unavailable in the sandbox if `noroot` (which causes groups to be dropped) is used.
| |
| |   Since firejail classifies all of the aforementioned devices as being `DEV_3D` on fs_dev.c (which means that they are controlled by `no3d`), treat the "vglusers" group the same as the "render" group (by always keeping "vglusers" unless `no3d` is used).
| |
| |   See the discussion on #2042 (from this comment[3] onwards).
| |
| |   [1] https://virtualgl.org
| |   [2] https://github.com/VirtualGL/virtualgl/blob/6f0b90be02d13171dfdfffb112485f4091a5904f/server/vglserver_config#L393
| |   [3] https://github.com/netblue30/firejail/issues/2042#issuecomment-1007468715
| |
| |   Reported-by: @JCallicoat
| |
* | raincat (netblue30, 2022-01-14)
| |
* | fix warzone2100 (Debian 11) (netblue30, 2022-01-13)
| |
* | add wget2 to firecfg.config (glitsj16, 2022-01-13)
|/
* refactor closing of file descriptors (smitsohu, 2022-01-12)
|
* fix scan-build (netblue30, 2022-01-11)
|
* fix scan-build/cppcheck warnings (netblue30, 2022-01-11)
|
* remove compile warning (netblue30, 2022-01-10)
|
* nettrace (netblue30, 2022-01-09)
|
* Merge pull request #4826 from adrianlshaw/master (netblue30, 2022-01-08)
|\
| |   RPCS3 profile
| |
| * Add rpcs3 profile (Adrian L. Shaw, 2022-01-06)
| |
* | Merge pull request #4827 from kmk3/noprinters-add-missing (netblue30, 2022-01-08)
|\ \
| | |   noprinters: add missing items & add to profile.template
| | |
| * | noprinters: add missing items from new command checklist (Kelvin M. Klann, 2022-01-05)
| |/
| |   See CONTRIBUTING.md.
| |
| |   The changes are based on what was done on commit 5a612029b ("rename noautopulse to keep-config-pulse", 2021-05-13) / PR #4278.
| |
| |   This amends commit bd15e763e ("--noprinter option", 2021-10-20) and commit d9403dcdc ("small fix", 2021-10-20).
| |
| |   Relates to #4607.
| |
* | 2022 copyright update (netblue30, 2022-01-07)
| |
* | more on nettrace (netblue30, 2022-01-07)
| |
* | fix wrap/nowrap help string in firemon (netblue30, 2022-01-07)
|/
* add notable (glitsj16, 2022-01-05)
|
* nettrace/netlock (netblue30, 2022-01-04)
|
* remove compile warnings (netblue30, 2021-12-28)
|
* updates (netblue30, 2021-12-28)
|
* Merge branch 'master' into whitelist-ro (netblue30, 2021-12-28)
|\
| * nettrace (netblue30, 2021-12-28)
| |
| * nettrace/netlock (netblue30, 2021-12-28)
| |
| * Fix a typo (Tad, 2021-12-21)
| |
| |   Signed-off-by: Tad <tad@spotco.us>
| |
| * firecfg fix (#4235) (netblue30, 2021-12-21)
| |
| * fix bug: firejail rejects empty arguments (#4395) (netblue30, 2021-12-21)
| |
| * updates (netblue30, 2021-12-19)
| |
| * fix --private-cwd problem (netblue30, 2021-12-19)
| |
| * Remove profcleaner.c and profcleaner.sh (Kelvin M. Klann, 2021-12-10)
| |
| |   As of this commit, these are not of much use. Though later if a generic profile search/replace tool with built-in rules is to be added, the tools in question could be used as a starting point.
| |
| |   src/tools/profcleaner.c was added on commit fe0f975f4 ("move whitelist/blacklist to allow/deny", 2021-07-05).
| |
| |   src/tools/profcleaner.sh was added on commit ed02ab57b ("Create profcleaner.sh", 2021-07-07) / PR #4389.
| |
| |   Relates to #4410.
| |
| * Revert "allow/noallow/deny/nodeny aliases for whitelist/nowhitelist/blacklist/noblacklist" (Kelvin M. Klann, 2021-12-10)
| |
| |   This reverts commit 45f2ba544e9934b49e03b17c0a638dddc3a44734.
| |
| |   Note: This is not a clean revert.
| |
| |   Note2: This also reverts the changes to src/firejail/profile.c from commit fe0f975f4 ("move whitelist/blacklist to allow/deny", 2021-07-05).
| |
| |   Relates to #4410.
| |
| * Revert "allow/deny in zsh completion" (Kelvin M. Klann, 2021-12-10)
| |
| |   This reverts commit 1021fb9e5d32a48698c0c8c913d44a048b12db7f.
| |
| |   Relates to #4388 and #4410.
| |
| * profstats fix (#4733) (netblue30, 2021-12-10)
| |
| * Merge pull request #4743 from vnepogodin/master (netblue30, 2021-12-08)
| |\
| | |   Add CachyBrowser profile
| | |
| | * Add new cachy-browser profile (Vladislav Nepogodin, 2021-12-06)
| | |
| * | Merge pull request #4732 from kmk3/fix-groups-misc3 (netblue30, 2021-12-08)
| |\ \
| | | |   Fix keeping certain groups with nogroups
| | | |
| | * | Fix keeping certain groups with nogroups (Kelvin M. Klann, 2021-12-07)
| | | |
| | | |   This amends commit b828a9047 ("Keep audio and video groups regardless of nogroups", 2021-11-28) from PR #4725.
| | | |
| | | |   The commit above did not change the behavior (the groups are still not kept). With this commit, it appears to work properly:
| | | |
| | | |       $ groups | grep audio >/dev/null && echo kept
| | | |       kept
| | | |       # with check_can_drop_all_groups == 0
| | | |       $ firejail --quiet --noprofile --nogroups groups | grep audio >/dev/null && echo kept
| | | |       kept
| | | |       # with check_can_drop_all_groups == 1
| | | |       $ firejail --quiet --noprofile --nogroups groups | grep audio >/dev/null && echo kept
| | | |       $
| | | |
| | | |   Add a new check_can_drop_all_groups function to check whether the supplementary groups can be safely dropped without potentially causing issues with audio, 3D hardware acceleration or input (and maybe more).
| | | |
| | | |   It returns false if nvidia (and no `no3d`) is used or if (e)logind is not running, as in either case the supplementary groups might be needed.
| | | |
| | | |   Note: With this, the behavior from before #4725 is restored on (e)logind systems (when not using nvidia), as it makes the supplementary groups always be dropped on such systems.
| | | |
| | | |   Note2: Even with the static variable, these checks still happen at least twice. It seems that it happens once per translation unit (and I think that it may happen more times if there are multiple processes involved).
| | | |
| | | |   This also amends (/kind of reverts) commit 6ddedeba0 ("Make nogroups work on nvidia again", 2021-11-29) from PR #4725, as it restores the nvidia check from it into the new check_can_drop_all_groups function.