Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | Allow any syscall to be blacklisted (#1447) | Topi Miettinen | 2017-08-13 |
| | | | | | | | Allow any syscall to be blacklisted with aid of LD_PRELOAD library, libpostexecseccomp.so. Closes: #1447 | ||
* | modif: --output split in two commands, --output and --output-stderr; fix for ↵ | netblue30 | 2017-08-13 |
| | | | | #1458 | ||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-08-12 |
|\ | |||
| * | Enable system call groups with minus sign | Topi Miettinen | 2017-08-12 |
| | | |||
* | | added --nodvd | netblue30 | 2017-08-12 |
|/ | |||
* | private-dev enhancements | netblue30 | 2017-08-11 |
| | |||
* | Add TuxGuitar profile (#1453) | smitsohu | 2017-08-10 |
| | | | | | | | | | | | | | | | | | | | | * add tuxguitar profile tested for versions < 1.3 * blacklist tuxguitar * add tuxguitar * add tuxguitar * add support for tuxguitar > 1.2 higher versions fail to launch without protocol=inet,inet6 and with noexec=~. Yet, net=none seems to be still tolerated, which comes handy to block talk with internet and dbus. * unbreak tuxguitar Internet access versions >= 1.3 actually run fine with net=none enabled, if the built-in internet dependent feature is not used | ||
* | Enable syscall groups for non-internal use | Topi Miettinen | 2017-08-10 |
| | |||
* | typo | Reiner Herrmann | 2017-08-10 |
| | |||
* | Add a profile alias for Firefox Nightly | Tad | 2017-08-10 |
| | |||
* | --notv for #1446 | startx2017 | 2017-08-10 |
| | |||
* | add /dev/dbv to private-dev list | startx2017 | 2017-08-09 |
| | |||
* | merges | Fred-Barclay | 2017-08-07 |
| | |||
* | Seccomp: split @default into more meaningful smaller groups | Topi Miettinen | 2017-08-06 |
| | |||
* | Seccomp: system call grouping and call numbers | Topi Miettinen | 2017-08-06 |
| | |||
* | private-lib fixes | netblue30 | 2017-08-06 |
| | |||
* | private-lib: fix crash | netblue30 | 2017-08-06 |
| | |||
* | prive-lib: integration with firetools | netblue30 | 2017-08-06 |
| | |||
* | bring in private-lib libraries for all private-bin programs. ↵ | startx2017 | 2017-08-06 |
| | | | | Example:firejail --private-lib --private-bin=bash,ls,find,pwd,grep | ||
* | fix copyright statement | netblue30 | 2017-08-05 |
| | |||
* | Improve library handling: use DT_RPATH/DT_RUNPATH to find more libs | Topi Miettinen | 2017-08-05 |
| | | | | | | Helps in more complex cases like this: libpulse.so wants libpulsecommon-10.0.so, which is located in /usr/lib/x86_64-linux-gnu/pulseaudio. This path is specified with DT_RUNPATH. | ||
* | Merge pull request #1436 from SpotComms/gt | Fred Barclay | 2017-08-05 |
|\ | | | | | Add a profile for Gnome Twitch | ||
| * | Add a profile for Gnome Twitch | Tad | 2017-08-05 |
| | | |||
* | | private-lib: preliminary support for directories in private-lib list | netblue30 | 2017-08-05 |
|/ | |||
* | Update firecfg.config and add a wireshark-* alias | Tad | 2017-08-04 |
| | |||
* | private-lib: add src/fldd | netblue30 | 2017-08-04 |
| | |||
* | private-lib: support for /etc/firejail/firejail.config | netblue30 | 2017-08-04 |
| | |||
* | private-lib: bringing in private-lib list from command line | netblue30 | 2017-08-04 |
| | |||
* | private-lib: split fldd as a separate application | netblue30 | 2017-08-03 |
| | |||
* | Add rambox profile from #1425 | Fred Barclay | 2017-08-02 |
| | |||
* | get_mempolicy syscall was temporarily removed from the default seccomp list. ↵ | netblue30 | 2017-08-02 |
| | | | | | | It seems to break playing youtube videos on Firefox Nightly - #1414 | ||
* | x11/xpra support | netblue30 | 2017-08-01 |
| | |||
* | compile cleanup | netblue30 | 2017-08-01 |
| | |||
* | Fix tracing with private-lib | Topi Miettinen | 2017-08-01 |
| | |||
* | Merge pull request #1415 from chiraag-nataraj/master | netblue30 | 2017-07-31 |
|\ | | | | | Tentative implementation for #1405 | ||
| * | Ensure malloc was successful | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Remove debugging stuff, free start_child, exit properly | Chiraag Nataraj | 2017-07-30 |
| | | |||
| * | Tentative implementation for #1405 | Chiraag Nataraj | 2017-07-30 |
| | | |||
* | | Fixes for the private-lib and memory-deny-write-execute features | Topi Miettinen | 2017-07-30 |
| | | |||
* | | Memory-deny-write-execute feature | Topi Miettinen | 2017-07-30 |
| | | | | | | | | Feature to block attempts to create writable and executable memory. | ||
* | | Improve loading of seccomp filter | Topi Miettinen | 2017-07-30 |
| | | | | | | | | Also fixes a memory leak and double load. | ||
* | | Private /lib feature | Topi Miettinen | 2017-07-30 |
| | | |||
* | | merges | netblue30 | 2017-07-30 |
|/ | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | netblue30 | 2017-07-29 |
|\ | |||
| * | Add a profile for arm | Tad | 2017-07-29 |
| | | |||
* | | --shell=none fix | netblue30 | 2017-07-29 |
|/ | |||
* | Merge pull request #1410 from topimiettinen/seccomp-print | netblue30 | 2017-07-29 |
|\ | | | | | Improve seccomp printing | ||
| * | Improve seccomp printing | Topi Miettinen | 2017-07-28 |
| | | |||
* | | new profiles | netblue30 | 2017-07-29 |
| | | |||
* | | arp rework | netblue30 | 2017-07-29 |
|/ |