Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | add onionshare redirects (#4957) | glitsj16 | 2022-02-18 |
| | | | | | | | * Create onionshare.profile * Create onionshare-cli.profile * add onionshare redirects to firecfg.config | ||
* | Disable/comment message about nogroups being ignored | Kelvin M. Klann | 2022-02-11 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added on commit 7abce0b4c ("Fix keeping certain groups with nogroups", 2021-11-30) / PR #4732. As reported by @rusty-snake on #4930, conflicting messages are printed when using whitelist-run-common.inc with nogroups: $ cat test.profile include whitelist-run-common.inc nogroups $ firejail --profile=./test.profile groups Reading profile ./test.profile Reading profile /etc/firejail/whitelist-run-common.inc Parent pid 1234, child pid 1235 Warning: logind not detected, nogroups command ignored <--- is a lie Warning: cleaning all supplementary groups Child process initialized in 30.00 ms rusty-snake <---- running `groups` outside of the sandbox shows more so groups are actually cleaned Parent is shutting down, bye... This probably happens because wrc causes /run/systemd to be hidden in the sandbox and because check_can_drop_all_groups is called multiple times, seemingly both before and after the whitelisting goes into effect. So disable the message about nogroups being ignored, but keep the message about cleaning all supplementary groups (which is unlikely to be printed unless it really happens). Fixes #4930. | ||
* | fix --private-cwd, issue #4910 | netblue30 | 2022-02-08 |
| | |||
* | fix joining of sandboxes without shell | smitsohu | 2022-02-06 |
| | | | | regressed in c764520b5aa343c00c3a73633511df039645973c | ||
* | new version for NixOS 4887 | netblue30 | 2022-02-03 |
| | |||
* | new tentative fox for NixOS/private-etc (4887) | netblue30 | 2022-02-02 |
| | |||
* | tentative fix for private-etc in NixOS - issue 4887 | netblue30 | 2022-02-02 |
| | |||
* | netlocker fixes | netblue30 | 2022-02-02 |
| | |||
* | Merge pull request #4829 from CaseOf/seafile | netblue30 | 2022-01-24 |
|\ | | | | | Seafile | ||
| * | add seafile-applet | CaseOf | 2022-01-06 |
| | | |||
* | | Merge pull request #4873 from reedriley/cointop | netblue30 | 2022-01-24 |
|\ \ | | | | | | | add a profile for cointop | ||
| * | | add a profile for cointop | Reed Riley | 2022-01-21 |
| | | | |||
* | | | build option: add appimage support | smitsohu | 2022-01-24 |
| | | | |||
* | | | more man page fixes | smitsohu | 2022-01-23 |
| | | | | | | | | | | | | | | | | | | there are two build options, should clean up both follow-up to commit a6283fd7873a4f1dffb0730a968406d52545c73a | ||
* | | | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2022-01-23 |
|\ \ \ | |||
| * | | | netlink: revert man pages | netblue30 | 2022-01-22 |
| | | | | |||
* | | | | testing | smitsohu | 2022-01-23 |
| | | | | |||
* | | | | build option: remove deprecated strace feature from manual | smitsohu | 2022-01-23 |
|/ / / | |||
* | | | netlink - fixing the fix | netblue30 | 2022-01-22 |
| | | | |||
* | | | man: mention that private-bin and private-etc are cumulative | Kelvin M. Klann | 2022-01-22 |
| | | | | | | | | | | | | | | | | | | This amends commit ac6c8c038 ("fix #4078", 2022-01-21). Fixes #4078. | ||
* | | | add a profile for 1password (#4874) | Reed Riley | 2022-01-21 |
| | | | |||
* | | | fix: some firejail output goes to stdout instead of stderr #4328 | netblue30 | 2022-01-21 |
| | | | |||
* | | | adding netlink to --protocol list (#4605) | netblue | 2022-01-21 |
| | | | |||
* | | | allow apostrophe in whitelist/blacklist ( #4614) | netblue30 | 2022-01-21 |
| | | | |||
* | | | fix #4078 | netblue30 | 2022-01-21 |
| | | | |||
* | | | cleanup for previous commit | netblue30 | 2022-01-21 |
| | | | |||
* | | | fix attribute for /tmp/user in --private-tmp, and fix #4151 | netblue30 | 2022-01-21 |
| | | | |||
* | | | hostnames -> static-ip-map | netblue30 | 2022-01-20 |
|/ / | |||
* | | compile fix | netblue30 | 2022-01-18 |
| | | |||
* | | nettrace fixes | netblue30 | 2022-01-18 |
| | | |||
* | | following up 493a0ef306a8b610f3ed6a1b88a4dbea25e8498b | smitsohu | 2022-01-18 |
| | | |||
* | | keep-fd cleanup | smitsohu | 2022-01-17 |
| | | |||
* | | some hardening | smitsohu | 2022-01-17 |
| | | |||
* | | gcov | smitsohu | 2022-01-17 |
| | | |||
* | | more compile warnings | netblue30 | 2022-01-16 |
| | | |||
* | | compile warnings | netblue30 | 2022-01-16 |
| | | |||
* | | disable pipewire with --nosound | netblue | 2022-01-16 |
| | | |||
* | | compile warnings | netblue30 | 2022-01-16 |
| | | |||
* | | more on nettrace | netblue30 | 2022-01-16 |
| | | |||
* | | Merge pull request #4856 from smitsohu/fildes | netblue30 | 2022-01-16 |
|\ \ | | | | | | | keep-fd option (#4845) | ||
| * | | keep-fd option (#4845) | smitsohu | 2022-01-14 |
| | | | |||
* | | | Merge pull request #4851 from kmk3/groups-keep-vglusers | netblue30 | 2022-01-16 |
|\ \ \ | | | | | | | | | Keep vglusers group unless no3d is used (virtualgl) | ||
| * | | | Keep vglusers group unless no3d is used (virtualgl) | Kelvin M. Klann | 2022-01-12 |
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | virtualgl[1] runs `chown root:vglusers` on `/dev/nvidia*` and on devices usually owned by the "render" group[2]. This makes them unavailable in the sandbox if `noroot` (which causes groups to be dropped) is used. Since firejail classifies all of the aforementioned devices as being `DEV_3D` on fs_dev.c (which means that they are controlled by `no3d`), treat the "vglusers" group the same as the "render" group (by always keeping "vglusers" unless `no3d` is used). See the discussion on #2042 (from this comment[3] onwards). [1] https://virtualgl.org [2] https://github.com/VirtualGL/virtualgl/blob/6f0b90be02d13171dfdfffb112485f4091a5904f/server/vglserver_config#L393 [3] https://github.com/netblue30/firejail/issues/2042#issuecomment-1007468715 Reported-by: @JCallicoat | ||
* | | | raincat | netblue30 | 2022-01-14 |
| | | | |||
* | | | fix warzone2100 (Debian 11) | netblue30 | 2022-01-13 |
| | | | |||
* | | | add wget2 to firecfg.config | glitsj16 | 2022-01-13 |
|/ / | |||
* | | refactor closing of file descriptors | smitsohu | 2022-01-12 |
| | | |||
* | | fix scan-build | netblue30 | 2022-01-11 |
| | | |||
* | | fix scan-build/cppcheck warnings | netblue30 | 2022-01-11 |
| | | |||
* | | remove compile warning | netblue30 | 2022-01-10 |
| | |