| Commit message (Collapse) | Author | Age |
| |
|
| |
|
| |
|
|\
| |
| | |
modif: Escape control characters of the command line
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Names and commands can contain control characters:
```
firejail --name="$(echo -e '\e[31mRed\n\b\b\bText\e[0m')" sleep 10s
```
results in "Text" printed in red.
Prevent commands like `--tree` to control the terminal.
|
| |
| |
| |
| | |
profiles
|
| | |
|
| | |
|
| |
| |
| |
| | |
md5sum/sha512sum, more sysutils testing, fix electron-hardened.inc.profile
|
| | |
|
| | |
|
| | |
|
|\ \
| | |
| | | |
feature: Add 'keep-shell-rc' command and option
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This fixes #1127.
This allow a user to provide their own zshrc/bashrc inside the jail.
This is very useful when using firejail to develop and prevent bad pip
packages to access your system.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
|/ / |
|
|\ \
| | |
| | | |
modif: Prevent sandbox name from containing only digits
|
| | |
| | |
| | |
| | |
| | | |
Names should not contain only numbers,
as they are used in other commands as PIDs.
|
| | |
| | |
| | |
| | | |
group; added nvidia and X11 directories to @x11 group.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
groups added
|
| | | |
|
| | | |
|
| | |
| | |
| | |
| | | |
feature
|
|\ \ \
| | | |
| | | | |
modif: Stop forwarding own double-dash to the shell
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Currently, if double-dash ("--") is passed to firejail, it is forwarded
to the user shell:
$ firejail --debug --noprofile -- echo test 2>&1 |
grep -e execvp -e test
Building quoted command line: 'echo' 'test'
Building quoted command line: 'echo' 'test'
Running 'echo' 'test' command through /bin/bash
execvp argument 0: /bin/bash
execvp argument 1: -c
execvp argument 2: --
execvp argument 3: 'echo' 'test'
test
This causes issues when the user shell does not accept "--" / is not
POSIX-compatible:
$ /bin/bash -c -- 'echo test'
test
$ /bin/fish -c -- 'echo test'
fish: Unknown command: --
fish:
--
^
Fixes #5599.
Relates to #3434.
Reported-by: @iltep64
Reported-by: @ferreum
|
| | | | |
|
|/ / / |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To make it clearer.
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
To avoid boolean confusion (`no-foo no` / `no-foo yes`) in
firejail.config:
etc-no-blacklisted no
etc-no-blacklisted yes
Commands used to search and replace:
git grep -Ilz -i 'etc.no.blacklisted' -- etc src |
xargs -0 -I '{}' sh -c "printf '%s\n' \"\$(sed \
-e 's/etc-no-blacklisted/etc-hide-blacklisted/' \
-e 's/ETC_NO_BLACKLISTED/ETC_HIDE_BLACKLISTED/' \
'{}')\" >'{}'"
Added on commit ded50200e ("opt-in: skip blacklisted files in
private-etc - #5010, #5230", 2023-01-15) / PR #5591.
|
|\ \ \
| | | |
| | | | |
opt-in: hide blacklisted files in /etc
|
| |/ / |
|
|\ \ \
| |_|/
|/| | |
New profiles: linuxqq/qq
|
| |\| |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| | |
| | | |
Fixes #5585
|
| | | |
|
| |/
|/| |
|
|\ \
| | |
| | | |
A temporary fix to the bug caused by apparmor profiles stacking.
|
| | | |
|