Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | update seccomp in man firejail | rusty-snake | 2019-09-13 |
| | |||
* | libtrace cleanup | netblue30 | 2019-09-10 |
| | |||
* | Add ar profile (#2949) | glitsj16 | 2019-09-08 |
| | | | | | | * Add ar to firecfg * Create ar.profile | ||
* | fix FIREJAIL_FILE_COPY_LIMIT larger than 2GB | smitsohu | 2019-09-05 |
| | |||
* | Revert changes in #2928 to seccomp group @default | Topi Miettinen | 2019-09-04 |
| | | | | | Reconstruct @default by not relying on the changed system call groups @privileged and @resources. | ||
* | Merge pull request #2928 from topimiettinen/seccomp-more-groups | netblue30 | 2019-08-29 |
|\ | | | | | Add further seccomp groups | ||
| * | Add further seccomp groups | Topi Miettinen | 2019-08-28 |
| | | | | | | | | Get further seccomp group definitions from systemd. | ||
* | | fix previous merge | netblue30 | 2019-08-29 |
| | | |||
* | | Merge branch 'master' into seccomp-allow-exceptions | netblue30 | 2019-08-29 |
|\ \ | |||
| * | | seccomp fix: allow numeric syscalls | aoand | 2019-08-26 |
| |/ | | | | | | | as per man page, numeric syscall is indicated by the dollar sign '$' | ||
* / | Allow exceptions to seccomp lists | Topi Miettinen | 2019-08-25 |
|/ | | | | | | | Prefix ! can be used to make exceptions to system call blacklists and whitelists used by seccomp, seccomp.drop and seccomp.keep. Closes #1366 | ||
* | various fixes and improvements | rusty-snake | 2019-08-22 |
| | | | | | | | | | | | | - install contrib/syscalls.sh - add GitLab-CI status to README.md - read-only ${HOME}/.cargo/env - move blacklist ${HOME}/.cargo/registry, ${HOME}/.cargo/config to disable-programs - typo in man firejail firejail-profiles firecfg - better descriptions in man firejail-profiles - fixes in man firejail - template descriptions in firejail-profiles | ||
* | added i2prouter to firecfg | core_contingency | 2019-08-21 |
| | |||
* | Fix revert of previous trace fix. The issue was that programs were crashing ↵ | Glenn Washburn | 2019-08-21 |
| | | | | because libtrace hooked libc calls were being executed before the libtrace library was initialized. This was due to other loaded libraries being initialized first. | ||
* | fix private-bin for tb-starter-wrapper #2863 | rusty-snake | 2019-08-19 |
| | |||
* | Merge pull request #2909 from gm10/fix-get_user | netblue30 | 2019-08-18 |
|\ | | | | | get_user() do not use the unreliable getlogin() | ||
| * | get_user() do not use the unreliable getlogin() | gm10 | 2019-08-13 |
| | | |||
* | | profiles: add kiwix-desktop | Tad | 2019-08-18 |
| | | |||
* | | fix --trace | netblue30 | 2019-08-17 |
|/ | |||
* | Add unzstd profile (#2903) | glitsj16 | 2019-08-12 |
| | | | | | | * Create unzstd.profile * Add unzstd to firecfg.config | ||
* | Add zstd (redirect) profile(s) (#2902) | glitsj16 | 2019-08-12 |
| | | | | | | | | | | | | | | | | * Create zstd.profile * Create pzstd.profile * Create zstdcat.profile * Create zstdgrep.profile * Create zstdless.profile * Create zstdmt.profile * Add zstd and its redirect profiles to firecfg.config | ||
* | add bzcat profile | smitsohu | 2019-08-12 |
| | |||
* | rewrite/partial revert of 8bff773d6a7bf70c97b3d5b751df9ec0dd6c8b5d | smitsohu | 2019-08-09 |
| | | | | | | | the commit in question introduced an early check of Firejail configuration file, which broke "firejail in firejail" for some sandboxes. see issue #2877 | ||
* | integrate private home options with nosound and x11 none | smitsohu | 2019-08-07 |
| | | | | fixes #2867 | ||
* | private home: don't create unused temporary files | smitsohu | 2019-08-07 |
| | |||
* | tune pam-tmpdir file permissions | smitsohu | 2019-08-01 |
| | |||
* | Merge pull request #2883 from flacks/profiles/whalebird | SkewedZeppelin | 2019-08-01 |
|\ | | | | | Add Whalebird profile | ||
| * | Add Whalebird profile | Jean Lucas | 2019-07-31 |
| | | |||
* | | Add new Tor Browser alias | Jean Lucas | 2019-07-31 |
|/ | | | | | | | | | - tor-browser in the AUR is an international package; all other individual language variants have been removed, so, add new alias - Add 'tor-browser' and 'mv' to private-bin in launcher profile ('mv' is required when upgrading tor-browser versions) - Add 'tor-browser' to firecfg.config - Add config dir to disable-programs.inc | ||
* | Corrections | Jean Lucas | 2019-07-31 |
| | | | | | | - Add Zulip config dir to disable-programs.inc - Add disable-xdg.inc to Zulip profile - Add Zulip to firecfg.config | ||
* | Add tb-starter-wrapper.profile (#2863) | rusty-snake | 2019-07-28 |
| | |||
* | fix private-tmp/pam-tmpdir interaction - #2685 | smitsohu | 2019-07-27 |
| | |||
* | Merge branch 'master' of https://github.com/netblue30/firejail | smitsohu | 2019-07-25 |
|\ | |||
| * | fix make scan-build for debian 10 and arch | netblue30 | 2019-07-22 |
| | | |||
* | | fix whitelisting for homedirs outside /home | smitsohu | 2019-07-25 |
| | | |||
* | | fix verbosity for non-authorized user | smitsohu | 2019-07-22 |
|/ | | | | | | users not in firejail.users should only see the error, not the symlink warning. Also exposes less code to non- authorized users. | ||
* | fix gucharmap & add gnome-characters, gnome-character-map | rusty-snake | 2019-07-18 |
| | |||
* | document profile support for allow-debuggers in firejail-profile man page ↵ | Sebastian Hafner | 2019-07-17 |
| | | | | (#2861) | ||
* | faudit: fix gcc stringop-truncation warning | smitsohu | 2019-07-17 |
| | |||
* | check for dir existence before private-* mount | smitsohu | 2019-07-16 |
| | | | fixes #2859 | ||
* | profile support for allow-debuggers (#2856) | Sebastian Hafner | 2019-07-15 |
| | |||
* | homedirs: turn "informational error" into warning | smitsohu | 2019-07-14 |
| | |||
* | don't allow root directory as home | smitsohu | 2019-07-14 |
| | |||
* | uniformly mask /home in all private home options | smitsohu | 2019-07-12 |
| | |||
* | private-home: remove redundancy | smitsohu | 2019-07-12 |
| | |||
* | rename some variables so they don't shadow others with same name | Reiner Herrmann | 2019-07-11 |
| | | | | via lgtm.com | ||
* | Merge pull request #2850 from disconnect3d/patch-1 | Reiner Herrmann | 2019-07-11 |
|\ | | | | | Update pid.c | ||
| * | Update pid.c | Disconnect3d | 2019-07-10 |
| | | | | | | Remove redundant `child` variable in src/lib/pid.c | ||
* | | Update libpostexecseccomp.c (#2851) | Disconnect3d | 2019-07-11 |
| | | | | | | | | | | | | | | | | | | * Update libpostexecseccomp.c Remove `if (size != 0)` condition, which is always true as there is a `if (size <= 0)` condition before. Also note that if the `if (size <= 0)` condition wouldn't be there and `size` would be 0, there would have been an undefined behavior in due to division by zero in `(unsigned short) size / (unsigned short) sizeof(struct sock_filter);`. Found with LGTM: https://lgtm.com/projects/g/netblue30/firejail/snapshot/961c4ca00425b60a7bc8543460031a8ebf3d8aa6/files/src/libpostexecseccomp/libpostexecseccomp.c#x838c24f710410160:1 | ||
* | | remove duplicate fclose/free | Reiner Herrmann | 2019-07-10 |
|/ |