| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
as no length checks are performed any more on environment variables,
remove obsoleted code
|
| |
|
|\
| |
| | |
Add first version of zsh completion
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Don't have duplicate descriptions and put = signs where they belong to
zsh completion function now dynamically adjusts for options (e.g. no --apparmor option without AppArmor configured)
No EXTRA_CFLAGS for cpp
Found main.c which does the argument processing. Moved some arguments into the correct #ifdef blocks
Profile selection now much better
Not more cpp. Using preproc.awk instead.
Updated bash firejail command completion to add profiles
ignore bash and zsh dynamically created completion scripts
Moved bash/zsh completions out of ALL_ITEMS to fix make install
Cleanup
|
| |
| |
| |
| |
| | |
readability/making it more obvious buffers
are properly initialized
|
| | |
|
| |
| |
| |
| |
| | |
the check was introduced some time ago in fs_x11(), but
fs_chroot() does the same thing and needs it as well
|
| |
| |
| |
| |
| |
| |
| | |
With the recent changes to environment variable handling, it should be
safe to always allow empty variables.
Closes: #3965
|
| | |
|
|\ \
| | |
| | | |
add support for faccessat2 syscall
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|/ / |
|
| | |
|
|\ \
| | |
| | | |
Email part (2)
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Save all environment variables for later use in the application, clear
environment and re-apply only whitelisted variables for the main
firejail process. The whitelisted environment is only used by C
library. Sandboxed tools will get further variables used
internally (FIREJAIL_*).
All variables will be reapplied for the firejailed application.
This also lifts the length restriction for environment variables,
except for the variables used by Firejail itself or the sandboxed
tools.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update disable-programs.inc
* Create calligragemini.profile
* Update calligra.profile
* Update calligra.profile
* Update firecfg.config
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
fsec-optimize: Optimize BPF with current seccomp error action, not
just KILL
fseccomp: use correct BPF code for errno action
firejail: honor seccomp error action for X32 and secondary filters,
rebuild filters if the error action is changed
Closes: #3933
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Update disable-programs.inc
* Update disable-programs.inc
* Update firecfg.config
* Create avidemux.profile
* Update avidemux.profile
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
New profile for CoyIM
|
| |/ / |
|
|\ \ \
| | | |
| | | | |
Add profile for kdiff3
|
| | | | |
|
| | | | |
|
|/ / / |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Add $PATH expansion to private-lib
|
| | | | |
|
|\ \ \ \
| | | | |
| | | | | |
private-lib: add new timetrace
|
| |/ / / |
|
| | | | |
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
as modern-day Debian only keeps a single symbolic link in
/lib64, going through both directories systematically adds
virtually no overhead (as indicated by the timetrace). At
the same time it is simpler and more robust in producing a correct
representation of the filesystem.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|