| Commit message (Collapse) | Author | Age |
|
|
|
| |
PR #4349
|
|\
| |
| | |
creating qcomicbook profile
|
| | |
|
| |
| |
| |
| |
| | |
always access files under control of the user
with effective user id of the user
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
just in case users decide to remove them
completely from the sandbox, by means of
private-etc or whitelist
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create googler-common.profile
* Create googler.profile
* Create ddgr.profile
* Update firecfg.config
* sort fix
* space
* space
* tightening
* comment
* fix comment
* fix private-etc and ${DOWNLOADS}
* fix sort
* redundant ${DOWNLOADS}
|
|\
| |
| | |
cmdline.c: optionally quote the resulting command line
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If we were launched by sshd, do not add extra quotes to the command
line. This is because if firejail is a login shell, sshd will launch
firejail thusly:
* argv[0]: /path/to/firejail
* argv[1]: -c
* argv[2]: user's command to execute
For example, if the user executed "ssh othernode echo hello world",
argv[2] will be "echo hello world". Firejail will then add *extra*
quotes to it, resulting in argv[2] becoming "'echo hello world' "
(without the "", of course). The user's shell (e.g., bash) will see
the extra single quotes and will not split the token into multiple
tokens. The shell will be unable to find an executable or intrinsic
named "echo hello world ", so it will fail.
This commit changes the above behavior if firejail is launched by
sshd. In that case, firejail will *not* add the extra single quotes
around argv[2]. Specifically: all the tokens still end up in argv[2],
but there's no *extra* quotes around argv[2], so the shell will split
argv[2] into multiple tokens (if necessary). In the above example,
argv[2] will be "echo hello world" (without the ""), which will be
split. The shell will then look for an intrinsic or executable named
"echo", which will succeed, and "hello world" will ultimately be
emitted.
Signed-off-by: Jeff Squyres <jsquyres@cisco.com>
|
|\ \
| | |
| | | |
add firejail.config switch for private-{bin,etc,opt,srv}
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Create links-common.profile
* Update links.profile
* Create links2.profile
* Update links.profile
* Update links2.profile
* Update elinks.profile
* Update elinks.profile
* links2
* Update firecfg.config
* Update xlinks.profile
* .xlinks
* add dbus and whitelist-usr-share-common
* .xlinks doesn't exist
* revert
* Create xlinks2
* xlinks2
* Update xlinks2
* Update xlinks.profile
* no wayland
* no wayland
* doesn't use /tmp/.X11-unix
* doesn't use /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
* noblacklist /tmp/.X11-unix
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Create youtube-viewers-common.profile
* reorganising youtube viewers
* rm globals
* reorganise youtube viewers
* adding pipe-viewer
* adding gtk-pipe-viewer
* xterm and youtube-dl cache
* sort
* Update youtube-viewers-common.profile
* quiet
* quiet
* quiet
* Update firecfg.config
* rm vlc
* rm invalid binary
* noinput
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* rm whitelist-runuser-common.inc
* whitelist-runuser-common.inc
|
|\ \
| | |
| | | |
Refine appimage example in docs
|
| | | |
|
| | | |
|
|/ / |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
sandboxes can race to create RUN_RO_FILE in shared memory
similiar to #1013
regression from 825ac9cdc38c4285584e69d6f29102b149914dfe
|
|\ \
| | |
| | | |
Whitelist2 follow-up
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
besides some cosmetic tweaks, fixes --whitelist=/a/b
where /a/b is a symbolic link to /a/c/d
and c is the user home directory: create
path as user and not as root.
(going forward, a better and more comprehensive fix
would be to prevent all mount point traversals in
whitelist_mkpath, but it will take a bit of time
to implement)
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
Try to fix #2310 -- Can't create run directory without suid-root
|
| | | | |
|
|\ \ \ \
| | |/ /
| |/| /
| |_|/
|/| | |
Whitelist2
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|\ \ \
| | | |
| | | | |
rename noautopulse to keep-config-pulse
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Changes:
* add the keep-config-pulse option
* make noautopulse an alias for keep-config-pulse
* deprecate the noautopulse option
* misc: fix indentation of --keep-dev-shm on src/firejail/usage.c
Even though noautopulse is not intended for hardening, it looks like it
is, because it starts with "no", just like no3d, noroot, etc). In fact,
it is the only "no" option that differs in such a way.
And it has been accidentally misused as such before; see PR #4269 and
commit e4beaeaa8 ("drop noautopulse from agetpkg").
So effectively rename it to keep-config-pulse in order to avoid
confusion. This is similar to the keep-var-tmp and keep-dev-shm
options, which are used to "leave a path alone", just like noautopulse.
Note: The changes on this patch are based on the ones from commit
617ff40c9 ("add --noautopulse arg for complex pulse setups") / PR #1854.
See #4269 for the discussion.
|