Commit message
* Matrix clients
Initial
* Add profile for fractal, #1139
* Fixes
* Various profiles
Initial
* Various fixes #1
Removed blacklist, no3d; added icon flatpak paths; sorting; added space
fixes e.g. --shell=none --seccomp.drop=write --seccomp-error-action=kill
1) close #3612
2) remove an implicit limitation on rlimit-fsize option
(could not set limit to smaller than 6 bytes without affecting
the ability to join a sandbox)
3) rename 'join-or-start' file to just 'join'
4) when waiting for a sandbox that is not fully configured yet,
increase polling frequency from 10 per second to 100 per second
closes #3356
closes #3584
issue #3568
... and don't fail hard without need if there is a FUSE mount
don't report success if read failed
hardening: run plugins with dumpable flag cleared
1) copy xauth binary into the sandbox and set mode to 0711, so it runs
with cleared dumpable flag for unprivileged users
2) run xauth in an sbox sandbox
3) generate Xauthority file in runtime directory instead of /tmp;
this way xauth is able to connect to the X11 socket even if the
abstract socket doesn't exist, for example because a new network
namespace was instantiated
harden bandwidth command
add extra checks to defend against command injection (respective strings are controlled by Firejail, so this should be redundant and only for the paranoid), run shell in a minimal sandbox
On Ubuntu autopkgtest runs on armhf, /dev/zero creation fails.
seccomp: logging
Allow `log` as an alternative seccomp error action instead of killing
or returning an errno code.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
Initial, amend: wrong dir, delete gtk-*, added new files
Co-authored-by: kortewegdevries <k0rtic_dv@aol.com>
add check so that environment variable FIREJAIL_CHROOT_X11 can be used
to mount /tmp/.X11-unix into the chroot; issue #3568
When redirecting output via --output or --output-stderr, firejail was
concatenating all command line arguments into a single string
that was passed to a shell. As the arguments were no longer escaped,
the shell was able to interpret them.
Someone who has control over the command line arguments of the
sandboxed application could use this to run arbitrary other commands.
Instead of passing it through a shell for piping the output to ftee,
the pipeline is now manually created and the processes are executed
directly.
Fixes: CVE-2020-17368
Reported-by: Tim Starling <tstarling@wikimedia.org>
Firejail was parsing --output and --output-stderr options even after
the end-of-options separator ("--"), which would allow someone who
has control over command line options of the sandboxed application
to write data to a specified file.
Fixes: CVE-2020-17367
Reported-by: Tim Starling <tstarling@wikimedia.org>
closes #1139
* Add profile for otter-browser
Initial
* private-bin, sorting
Ensure that all standard streams are open and we don't inadvertently print to files opened for a different reason; in general we can expect glibc
to take care of this, but it doesn't cover the case where a sandbox is started by root. The added code also serves as a fallback.
Unrelated: For what it's worth, shift umask call closer to main start, so it runs before lowering privileges and before anything can really go wrong.
* Added git-cola profile
Initial
* Edit private-etc
Add alternatives, pki
* Add disable-xdg